Cross-Origin Data Theft

Glances is vulnerable to Cross-Origin Data Theft via XML-RPC Server CORS Misconfiguration. The vulnerability is due to the XML-RPC handler not validating the Content-Type header, where an attacker-controlled webpage can issue a CORS simple request containing a valid XML-RPC payload, and the serve...

CVE-2026-33533

Glances prior to 4.5.3 exposes a Cross‑Origin Resource Sharing (CORS) weakness in its XML‑RPC server (enabled with glances -s/--server). The XML‑RPC handler does not validate Content‑Type, allowing an attacker‑controlled page to issue a CORS simple request (POST, Content‑Type: text/plain) that ca...

CVE-2026-32610

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets alloworigins="" combined with allowcredentials=True. When both of these options are enabled together, Starlette's CORSMiddlewa...

CVE-2025-64996

In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mkinotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification ...

Linux Distros Unpatched Vulnerability : CVE-2025-64996

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mkinotify plugin creates world-readable and writable files, allowing a...

EUVD-2025-198049

In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mkinotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification ...

CVE-2025-64996

In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mkinotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification ...

CVE-2025-64996

In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mkinotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification ...

UBUNTU-CVE-2025-64996

In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mkinotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification ...

CVE-2025-64996 Overly broad file permissions in the mk_inotify plugin allows reading and manipulating the plugin's output

In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mkinotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification ...

CVE-2025-64996 Overly broad file permissions in the mk_inotify plugin allows reading and manipulating the plugin's output

In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mkinotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification ...

CVE-2025-64996

Checkmk vulnerable component: mk_inotify plugin. Affected in versions before 2.4.0p16, 2.3.0p41, and all 2.2.0 and older. The plugin creates world-readable/writable files, allowing any local user to read its output and modify it, potentially leading to unauthorized access to or modification of mo...

PT-2025-47328

Name of the Vulnerable Software and Affected Versions Checkmk versions prior to 2.4.0p16 Checkmk versions prior to 2.3.0p41 Checkmk versions 2.2.0 and older Description The mk inotify plugin creates files that are world-readable and writable. This allows any local user on the system to read the...

Checkmk 安全漏洞

Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk versions prior to 2.4.0p16, prior to 2.3.0p41, and all versions 2.2.0 and prior, which stems from the mkinotify plugin creating globally readable and writable files that could lead to unauthorized...

EUVD-2025-35159

An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional console to gain administrative access to the WorkExaminer server and therefore all sensitive...

CVE-2025-10640

CVE-2025-10640 affects EfficientLab’s WorkExaminer Professional (server components). An unauthenticated attacker who can reach TCP port 12306 can bypass server-side authentication due to a missing validation in the protocol call to an MSSQL stored procedure; the client-side validation is relied u...

Work Examiner Professional 安全漏洞

Work Examiner Professional is an employee computer monitoring software from Work Examiner USA. A security vulnerability exists in Work Examiner Professional that stems from a lack of authentication checks on the server side, which could allow an unauthenticated attacker to bypass the login prompt...

EUVD-2024-29836

Malicious code in bioql PyPI...

EUVD-2024-23264

Malicious code in bioql PyPI...

CVE-2021-38129

Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent...