CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-13591

Malware in sbrugna...

6.5CVSS6.5AI score0.00262EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2018-13546

Malware in sbrugna...

8.8CVSS8.7AI score0.01641EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-52813

Malicious code in bioql PyPI...

9.1CVSS8.8AI score0.00148EPSS

RedhatCVE•added 2025/05/23 7:24 a.m.•5 views

CVE-2024-33854

A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23...

9.1CVSS8.1AI score0.00121EPSS

RedhatCVE•added 2025/05/22 6:35 p.m.•4 views

CVE-2021-28053

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration Users Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters...

8.8CVSS8.2AI score0.00293EPSS

RedhatCVE•added 2025/05/22 1:26 p.m.•3 views

CVE-2018-21023

getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the nsid parameter...

8.8CVSS7.7AI score0.01641EPSS

RedhatCVE•added 2025/05/22 10:21 a.m.•2 views

CVE-2019-15298

A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filin...

8.8CVSS7.4AI score0.08505EPSS

RedhatCVE•added 2025/05/22 5:21 a.m.•8 views

CVE-2019-15299

An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contactautologinkey field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication...

8.8CVSS7AI score0.00057EPSS

RedhatCVE•added 2025/05/15 10:10 a.m.•19 views

CVE-2025-4648

Download of Code Without Integrity Check vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from...

8.4CVSS6.5AI score0.00286EPSS

Cvelist•added 2025/05/13 11:40 a.m.•27 views

CVE-2025-4649 ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs.

Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs. This issue affects web: from 24.10.3 befo...

4.9CVSS0.00171EPSS

CVE•added 2025/05/13 9:45 a.m.•44 views

CVE-2025-4648

Centreon web is affected by a reflected XSS vulnerability (CVE-2025-4648) where the content of an uploaded SVG file is not properly validated. A user with elevated privileges can inject JavaScript by altering a SVG media during submission. Affected versions include Centreon web 22.10.0–22.10.29, ...

8.4CVSS6.3AI score0.00286EPSS

Exploits0References2Affected Software1

Cvelist•added 2025/05/13 9:45 a.m.•17 views

CVE-2025-4648 A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.

The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS. A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0...

8.4CVSS0.00286EPSS

OSV•added 2025/05/13 9:45 a.m.•5 views

CVE-2025-4648 A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.

8.4CVSS6.6AI score0.00286EPSS

Cvelist•added 2025/05/13 9:31 a.m.•20 views

CVE-2025-4647 A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG. This issue affects web: from 24.10.0 before...

8.4CVSS0.00211EPSS

OSV•added 2025/05/13 9:31 a.m.•7 views

CVE-2025-4647 A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG

8.4CVSS6AI score0.00211EPSS

Positive Technologies•added 2025/05/13 12:0 a.m.•2 views

PT-2025-20881 · Centreon · Centreon Web

Name of the Vulnerable Software and Affected Versions: Centreon web versions 22.10.0 through 22.10.29 Centreon web versions 23.04.0 through 23.04.27 Centreon web versions 23.10.0 through 23.10.22 Centreon web versions 24.04.0 through 24.04.11 Centreon web versions 24.10.0 through 24.10.5...

8.4CVSS5.9AI score0.00286EPSS

Exploits0References7

OSV•added 2025/01/23 10:15 p.m.•4 views

CVE-2024-53923

An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to achieve SQL injection in the form to upload media...

7.2CVSS7.8AI score0.00133EPSS

Cvelist•added 2025/01/23 12:0 a.m.•10 views

CVE-2024-53923

9.1CVSS0.00133EPSS