36 matches found
CVE-2018-25403
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to citygraph.php with crafted SQL payloads to extract sensitive database...
Astra Linux - vulnerability in zabbix
An authenticated user can create a link containing reflected JavaScript code for a graph page and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the sa...
Astra Linux - vulnerability in zabbix
The cause of the vulnerability is improper validation of the “Name” field in the form input on the Graph page in the Items section...
Linux Distros Unpatched Vulnerability : CVE-2026-33457
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Livestatus injection in the prediction graph page in Checkmk 2.5.0b4, 2.4.0p26, and 2.3.0p47 allows an authenticated user to inject arbitrary Livestatus command...
EUVD-2026-21346
Livestatus injection in the prediction graph page in Checkmk 2.5.0b4, 2.4.0p26, and 2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name parameter due to insufficient sanitization of the service description value...
UBUNTU-CVE-2026-33457
Livestatus injection in the prediction graph page in Checkmk 2.5.0b4, 2.4.0p26, and 2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name parameter due to insufficient sanitization of the service description value...
CVE-2026-33457 Potential livestatus injection in prediction graph page
Livestatus injection in the prediction graph page in Checkmk 2.5.0b4, 2.4.0p26, and 2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name parameter due to insufficient sanitization of the service description value...
CVE-2026-33457
Livestatus injection affecting Checkmk’s prediction graph page (affected versions: <2.5.0b4, <2.4.0p26,
CVE-2026-33457 Potential livestatus injection in prediction graph page
Livestatus injection in the prediction graph page in Checkmk 2.5.0b4, 2.4.0p26, and 2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name parameter due to insufficient sanitization of the service description value...
PT-2026-31900
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.5.0b4, prior to 2.4.0p26, and prior to 2.3.0p47. Description: A flaw exists in Checkmk that allows an authenticated user to inject arbitrary Livestatus commands. This occurs through insufficient sanitization of the...
CVE-2026-33457
Livestatus injection in the prediction graph page in Checkmk 2.5.0b4, 2.4.0p26, and 2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name parameter due to insufficient sanitization of the service description value...
EUVD-2024-19715
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-35230
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated user can create a link with reflected JavaScript code inside it for the graphs page and send it to other users. The payload can be executed onl...
CVE-2021-21802
This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...
VulnCheck KEV: CVE-2021-21801
This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...
SUSE CVE-2024-22119
The cause of the vulnerability is improper validation of the form input field "Name" on the Graph page in the Items section...
SUSE SLES12 Security Update : zabbix (SUSE-SU-2024:0862-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0862-1 advisory. - The cause of the vulnerability is improper validation of the form input field Name on the Graph page in the Items section. CVE-2024-22119 Note that Nessus...
CVE-2024-22119
The cause of the vulnerability is improper validation of the form input field “Name” on the Graph page in the Items section...
DEBIAN-CVE-2024-22119
The cause of the vulnerability is improper validation of the form input field “Name” on the Graph page in the Items section...
CVE-2024-22119
The cause of the vulnerability is improper validation of the form input field “Name” on the Graph page in the Items section...