34 matches found
CVE-2022-23961
In Thruk Monitoring through 2.46.3, the login field of the login form is vulnerable to reflected XSS. This vulnerability can be exploited by unauthenticated remote attackers to target users of the monitoring interface...
PT-2026-38658
Name of the Vulnerable Software and Affected Versions: Thruk Monitoring versions prior to 2.46.4. Description: The login field of the login form is susceptible to reflected Cross-Site Scripting (XSS), a flaw where an application includes untrusted data in a web page without proper validation, allowing...
CVE-2024-39915
Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF report generation. The Thruk web application...
EUVD-2025-37220
Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deletion workflow, enabling lower-privileged use...
CVE-2025-61907 Icinga 2 API users could access restricted values in filter expressions
Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...
JLSEC-2025-22 D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon...
EUVD-2021-19518
Malware in sbrugna...
CVE-2023-53612 hwmon: (coretemp) Simplify platform device handling
In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Simplify platform device handling. Coretemp's platform driver is unconventional. All the real work is done globally by the initcall and CPU hotplug notifiers, while the "driver" effectively just wraps an allocation...
EUVD-2024-50792
Malicious code in bioql PyPI...
CVE-2025-40770
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions. The affected application uses a monitoring interface that is not operating in a strictly passive mode. This could allow an attacker to interact with the interface, leading to man-in-the-middle attacks...
CVE-2025-40770
CVE-2025-40770 affects Siemens SINEC Traffic Analyzer (6GK8822-1BG01-0BA0, all versions). The vulnerability stems from a monitoring interface that is not operated in a strictly passive mode, allowing interaction with the interface and enabling man‑in‑the‑middle attacks. Impact is rated HIGH (conf...
Siemens SINEC Traffic Analyzer security vulnerability
Siemens SINEC Traffic Analyzer is a network traffic analysis tool from Siemens Germany. A security vulnerability exists in Siemens SINEC Traffic Analyzer, which stems from a non-strictly passive mode of the monitoring interface and could lead to a man-in-the-middle attack...
CVE-2025-53520 EG4 Electronics EG4 Inverters Download of Code Without Integrity Check
The affected product allows firmware updates to be downloaded from EG4's website, transferred via USB dongles, or installed through EG4's Monitoring Center remote, cloud-connected interface or via a serial connection, and can install these files without integrity checks. The TTComp archive format...
CVE-2024-12347
A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical. This issue affects some unknown processing of the file /jeewmswar/webpage/system/druid/index.html of the component Druid Monitoring Interface. The manipulation leads to improper...
JeeWMS security vulnerability
JeeWMS is a Java-based warehouse management system from China Huayi JeeWMS. A security vulnerability exists in JeeWMS 1.0.0 and prior versions, which stems from improper authorization due to unknown handling of the Druid Monitoring Interface component...
CVE-2024-12347
Summary: CVE-2024-12347 affects Guangzhou Huayi Intelligent Technology Jeewms 1.0.0 and earlier, specifically the Druid Monitoring Interface file /jeewms_war/webpage/system/druid/index.html, where improper authorization can be exploited remotely. The vulnerability context across connected sources...
CVE-2024-12347 Guangzhou Huayi Intelligent Technology Jeewms Druid Monitoring Interface index.html improper authorization
A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical. This issue affects some unknown processing of the file /jeewmswar/webpage/system/druid/index.html of the component Druid Monitoring Interface. The manipulation leads to improper...