26 matches found
Checkmate 信息泄露漏洞
Checkmate is an open-source, self-hosted tool developed by BlueWave. It aims to provide visually appealing real-time tracking and monitoring of server hardware, uptime, response times, and events. Versions of Checkmate prior to 3.4.0 contained a security vulnerability related to information...
EUVD-2025-14245
Malicious code in bioql PyPI...
EUVD-2025-13347
Malicious code in bioql PyPI...
CVE-2025-48024
In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint...
CVE-2025-48024
In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint...
CVE-2025-48024
In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint...
CVE-2025-48024
CVE-2025-48024 affects BlueWave Checkmate before 2.1. An authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint, leading to secret disclosure. The advisories consistently describe the issue and recommend upgrading to version 2.1 or later; as a tempor...
CVE-2025-48024
In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint...
PT-2025-21262 · Unknown · Bluewave Checkmate
Name of the Vulnerable Software and Affected Versions: BlueWave Checkmate versions prior to 2.1 Description: The issue allows an authenticated regular user to access sensitive application secrets. This is achieved via the "/api/v1/settings" endpoint. Recommendations: For versions prior to 2.1,...
Checkmate 安全漏洞
Checkmate is an open source, self-hosted tool from BlueWave Open Source designed to track and monitor server hardware, uptime, response time and events in real-time with beautiful visualizations. A security vulnerability exists in Checkmate versions prior to 2.1 that stems from unrestricted acces...
CVE-2025-48024
In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint...
CVE-2025-47817
In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter...
CVE-2025-47817
In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter...
CVE-2025-47817
In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter...
CVE-2025-47817
In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter...
CVE-2025-47817
In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter...
PT-2025-20645 · Bluewave · Bluewave Checkmate
Name of the Vulnerable Software and Affected Versions: BlueWave Checkmate versions 2.0.2 and earlier, before b387eba Description: The issue allows a profile edit request to include a role parameter. This is related to the external control of assumed-immutable web parameters. Recommendations: For...
CVE-2025-47817
CVE-2025-47817 affects BlueWave Checkmate 2.0.2 and earlier (pre-b387eba). The issue arises from a profile edit request permitting a role parameter, enabling unvalidated external control of web parameters. CVSS v3.1: Network attack, low privileges, no user interaction, with high impacts to confid...
CVE-2025-47245
In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role...
CVE-2025-47245
In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role...