9 matches found
UBUNTU-CVE-2026-33276
Stored cross-site scripting XSS in Checkmk 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature...
CVE-2026-33276 XSS in Unified Search via Unescaped Host/Service Names
Stored cross-site scripting XSS in Checkmk 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature...
EUVD-2025-11494
Malicious code in bioql PyPI...
CVE-2025-29708
SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create Services" file /dashboard/Services...
CVE-2025-29708
SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create Services" file /dashboard/Services...
CVE-2025-29708
CVE-2025-29708 affects SourceCodester Company Website CMS 1.0. The vulnerability is a file upload flaw in the Create Services endpoint (/dashboard/Services) that could allow arbitrary file uploads due to improper validation. CVSS v3.1 base score 9.8 (network access, no authentication, user intera...
PT-2025-16891 · Sourcecodester · Sourcecodester Company Website Cms
Name of the Vulnerable Software and Affected Versions: SourceCodester Company Website CMS version 1.0 Description: The issue concerns a file upload vulnerability via the "Create Services" file. This vulnerability can be exploited through the "/dashboard/Services" API endpoint. The Create Services...
CVE-2025-29708
SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create Services" file /dashboard/Services...
Easy!Appointments Security Vulnerability
Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments that stems from an insecure authorization issue in the /services interface. A low-privileged attacker can exploit the vulnerability to create services for any user on...