21 matches found
EUVD-2018-2991
Malware in sbrugna...
EUVD-2025-10484
Malicious code in bioql PyPI...
EUVD-2022-42340
Malicious code in bioql PyPI...
CVE-2024-38865
Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 EOL allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for ...
CVE-2024-38865
Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 EOL allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for ...
UBUNTU-CVE-2024-38865
Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 EOL allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for ...
CVE-2024-38865
CVE-2024-38865 affects Checkmk RestAPI: an improper neutralization of livestatus command delimiters in a specific endpoint allows arbitrary livestatus command execution. Affected versions are prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL). Exploitation requires the attacker to belong to a contac...
CVE-2024-38865 Livestatus command injection in RestAPI
Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 EOL allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for ...
CVE-2024-38865 Livestatus command injection in RestAPI
Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 EOL allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for ...
PT-2025-15924 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.2.0p39; Checkmk versions prior to 2.3.0p25; Checkmk versions prior to 2.1.0p51. Description: The issue is related to improper neutralization of livestatus command delimiters in a specific endpoint within the RestAPI o...
CVE-2022-39895
Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent...
Improper access control
Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent...
CVE-2022-39895
Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent...
CVE-2022-39895
Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent...
PT-2022-25088 · Unknown · Contactlistutils
Name of the Vulnerable Software and Affected Versions: Phone versions prior to SMR Dec-2022 Release 1. Description: The issue is related to an improper access control vulnerability in ContactListUtils. This vulnerability allows access to contact group information via implicit intent...
Zimbra Collaboration Suite Cross-Site Scripting Vulnerability (CNVD-2018-10867)
Zimbra Collaboration Suite (ZCS) is an open source collaboration suite from Zimbra, Inc. that includes WebMail, Calendar, Address Book, etc. Zimbra Web Client (ZWC) is one of the Web-based client applications. A cross-site scripting vulnerability exists in ZWC in versions 8.8 prior to Zimbra ZCS...
CVE-2018-10939
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group...
Cross site scripting
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group...
CVE-2018-10939
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group...
CVE-2018-10939
Zimbra Collaboration Suite (ZCS) Web Client (ZWC) is affected by a persistent XSS issue in the ZWC component when used with ZCS versions 8.8.x before 8.8.8.Patch4 and 8.7.x before 8.7.11.Patch4. The vulnerability arises via a crafted contact group, enabling an attacker to inject arbitrary web scr...