Lucene search
+L

174 matches found

nessus
nessus
added 2026/07/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2025-71385

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG...

6.1CVSS6AI score0.0024EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/07/03 6:40 a.m.8 views

CVE-2025-71385

A flaw was found in Netdata. A remote unauthenticated attacker could exploit a reflected Cross-Site Scripting XSS vulnerability in the api/v2/ilove.svg and api/v3/ilove.svg endpoints. By injecting malicious script into the love query parameter, an attacker could trick a victim into executing...

6.1CVSS6.2AI score0.0024EPSS
Exploits0References2
osv
osv
added 2026/07/02 8:17 p.m.5 views

DEBIAN-CVE-2025-71385

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS5.9AI score0.0024EPSS
Exploits0References1
osv
osv
added 2026/07/02 8:17 p.m.5 views

UBUNTU-CVE-2025-71385

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS5.9AI score0.0024EPSS
Exploits0References6
nvd
nvd
added 2026/07/02 8:17 p.m.11 views

CVE-2025-71385

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS0.0024EPSS
Exploits0References4
debiancve
debiancve
added 2026/07/02 7:37 p.m.8 views

CVE-2025-71385

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS5.9AI score0.0024EPSS
Exploits0
euvd
euvd
added 2026/07/02 7:37 p.m.8 views

EUVD-2025-210409

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS5.7AI score0.0024EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/07/02 7:37 p.m.5 views

CVE-2025-71385 Netdata < 2.3.1 - Reflected Cross-Site Scripting via love Parameter in ilove.svg Endpoint

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS5.9AI score0.0024EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/07/02 7:37 p.m.9 views

CVE-2025-71385

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS5.7AI score0.0024EPSS
Exploits0References5
cve
cve
added 2026/07/02 7:37 p.m.18 views

CVE-2025-71385

Netdata before 2.3.1 is vulnerable to reflected XSS via the love query parameter on /api/v2/ilove.svg and /api/v3/ilove.svg, where the parameter is inserted into the SVG text without escaping. The attack surface includes endpoints with HTTP_ACL_NOCHECK and anonymous access, and bearer-token prote...

6.1CVSS5.7AI score0.0024EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2026/07/02 7:37 p.m.43 views

CVE-2025-71385 Netdata < 2.3.1 - Reflected Cross-Site Scripting via love Parameter in ilove.svg Endpoint

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS0.0024EPSS
Exploits0References4
osv
osv
added 2026/07/02 7:37 p.m.7 views

CVE-2025-71385 Netdata < 2.3.1 - Reflected Cross-Site Scripting via love Parameter in ilove.svg Endpoint

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

5.1CVSS5.9AI score0.0024EPSS
Exploits0References7
alpinelinux
alpinelinux
added 2026/07/02 7:37 p.m.6 views

CVE-2025-71385

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS5.9AI score0.0024EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/07/02 12:0 a.m.12 views

PT-2026-55285

Name of the Vulnerable Software and Affected Versions Netdata versions prior to 2.3.1 Description Reflected cross-site scripting occurs when the application reflects the user-supplied love query parameter of the 'api/v2/ilove.svg' and 'api/v3/ilove.svg' endpoints verbatim into a generated SVG...

6.1CVSS6.1AI score0.0024EPSS
Exploits0References9
githubexploit
githubexploit
added 2025/12/03 4:52 p.m.295 views

Exploit for CVE-2024-32019

The ndsudo vulnerability allows an attacker to gain root permiss...

8.8CVSS8AI score0.01165EPSS
Exploits15
githubexploit
githubexploit
added 2025/11/26 12:34 a.m.290 views

Exploit for CVE-2024-32019

CVE-2024-32019 Proof of Concept Python A Python implementat...

8.8CVSS7.4AI score0.01165EPSS
Exploits15
euvd
euvd
added 2025/11/25 12:16 a.m.7 views

EUVD-2025-199442

Malicious code in @posthog/netdata-event-processing npm...

6.6AI score
Exploits0References3
osv
osv
added 2025/11/25 12:16 a.m.6 views

MAL-2025-191297 Malicious code in @posthog/netdata-event-processing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f3fdd5fe90ae01310b329b8e4892a4e79799685cdb45682fd4de592b402710e The package @posthog/netdata-event-processing was found to contain malicious code. Source: google-open-source-security...

6.8AI score
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-10550

Malware in sbrugna...

6.5CVSS6.7AI score0.01962EPSS
Exploits1References7
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-10551

Malware in sbrugna...

6.1CVSS6.6AI score0.01751EPSS
Exploits1References6
Rows per page
Query Builder