CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

776 matches found

RedhatCVE•added 2026/05/11 8:25 p.m.•3 views

CVE-2026-42224

ipl/web is a set of common web components for php projects. Prior to version 0.13.1, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may have no...

7.6CVSS5.7AI score0.00039EPSS

Exploits0References1

NVD•added 2026/05/08 11:16 p.m.•6 views

CVE-2026-42224

7.6CVSS0.00039EPSS

Exploits0References3

ATTACKERKB•added 2026/05/08 10:2 p.m.•3 views

CVE-2026-42224

7.6CVSS5.7AI score0.00039EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/05/08 10:2 p.m.•26 views

CVE-2026-42224 ipl/web is vulnerable to reflected XSS by malformed search requests

7.6CVSS0.00039EPSS

Exploits0References3

CNNVD•added 2026/05/08 12:0 a.m.•5 views

Icinga PHP Library 跨站脚本漏洞

The Icinga PHP Library is an open-source monitoring and metrics solution system’s web component developed by Icinga. Versions of the Icinga PHP Library prior to 0.13.1 contained a cross-site scripting vulnerability. This vulnerability allowed attackers to inject malicious JavaScript into the...

7.6CVSS5.7AI score0.00039EPSS

Exploits0References1

OSV•added 2026/05/05 12:0 a.m.•1 views

OPENSUSE-SU-2026:10693-1 icinga-php-library-0.19.2-1.1 on GA media

These are all security issues fixed in the icinga-php-library-0.19.2-1.1 package on the GA media of openSUSE Tumbleweed...

7.6CVSS5.8AI score0.00039EPSS

Exploits0References1

Positive Technologies•added 2026/05/05 12:0 a.m.•6 views

PT-2026-37367

These are all security issues fixed in the icinga-php-library-0.19.2-1.1 package on the GA media of openSUSE Tumbleweed...

5.8AI score0.00039EPSS

Exploits0References2

Github Security Blog•added 2026/04/29 9:1 p.m.•2 views

ipl/web is vulnerable to reflected XSS by malformed search requests

Impact The vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may have no immediate chance to notice any wrongdoing. Patches Version 0.13.1 includes a fix for...

7.6CVSS5.3AI score0.00039EPSS

Exploits0References5Affected Software1

OSV•added 2026/04/29 9:1 p.m.•1 views

GHSA-55WF-5M3Q-6JJF ipl/web is vulnerable to reflected XSS by malformed search requests

7.6CVSS5.8AI score0.00039EPSS

Exploits0References5

Positive Technologies•added 2026/04/29 12:0 a.m.•5 views

PT-2026-37180

Name of the Vulnerable Software and Affected Versions Icinga Web versions prior to 0.13.1 Description An issue allows an attacker to inject malicious Javascript into a victim's browser to execute it within the context of Icinga Web. This occurs when a victim visits a specifically prepared website...

7.6CVSS5.9AI score0.00039EPSS

Exploits0References10

Cvelist•added 2026/04/14 8:37 p.m.•15 views

CVE-2026-24893 openITCOCKPIT has Authenticated Command Injection Leading to Remote Code Execution via Host Address Macro Expansion

openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows an authenticated user with permission to add or modify hosts to execute arbitrary OS commands on th...

8.8CVSS0.00407EPSS

Exploits0References3

Packet Storm•added 2026/02/25 12:0 a.m.•80 views

📄 Icinga for Windows 1.13.3 Private Key Disclosure

This Metasploit module identifies and exploits insecure default ACL permissions in vulnerable versions of the Icinga for Windows PowerShell Framework. The certificate directory is created with overly permissive read access for the BUILTIN\Users group, allowing any local user to access the...

6.8CVSS5.5AI score0.00004EPSS

Exploits2

Packet Storm•added 2026/02/23 12:0 a.m.•89 views

📄 Icinga for Windows 1.13.3 Private Key Exposure

Icinga for Windows PowerShell Framework versions prior to 1.13.4, 1.12.4, and 1.11.2 install the certificate directory with insecure default permissions. The directory C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\certificate is created with BUILTIN\Users:RX permissions,...

6.8CVSS5.5AI score0.00004EPSS

Exploits2

NVD•added 2026/02/01 1:15 p.m.•2 views

CVE-2022-50942

Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacki...

5.4CVSS0.00079EPSS

Exploits0References4

OSV•added 2026/02/01 1:15 p.m.•1 views

CVE-2022-50942

4.8CVSS6AI score

Exploits0References4

UbuntuCve•added 2026/02/01 1:15 p.m.•1 views

CVE-2022-50942

5.4CVSS6.1AI score0.00079EPSS

Exploits0References5

OSV•added 2026/02/01 1:15 p.m.•0 views

UBUNTU-CVE-2022-50942

5.4CVSS6AI score0.00079EPSS

Exploits0References6

Cvelist•added 2026/02/01 12:15 p.m.•28 views

CVE-2022-50942 Incinga Web 2.8.2 Client-Side Cross-Site Scripting via EventListener

5.4CVSS0.00079EPSS

Exploits0References4

CVE•added 2026/02/01 12:15 p.m.•7 views

CVE-2022-50942

Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that enables attackers to inject scripts via the icinga.min.js file by exploiting EventListener.handleEvent. This can lead to session hijacking and non-persistent phishing attacks. The issue is described across multiple s...

5.4CVSS5.5AI score0.00079EPSS

Exploits0References4

ATTACKERKB•added 2026/02/01 12:15 p.m.•4 views

CVE-2022-50942

5.4CVSS5.5AI score0.00079EPSS

Exploits0References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by