106 matches found
CVE-2023-31208
Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk 2.0.0p36, 2.1.0p28, and 2.2.0b8 beta allows arbitrary livestatus command execution for authorized users...
PT-2025-41173
Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.1.0.10 Dell PowerProtect Data Domain versions 7.13.1.0 through 7.13.1.25 Dell PowerProtect Data Domain versions 7.10.1.0 through 7.10.1.50 Description The Dell PowerProtect Data Domain...
EUVD-2024-51944
Malicious code in bioql PyPI...
EUVD-2025-19936
Malicious code in bioql PyPI...
EUVD-2022-51018
Malicious code in bioql PyPI...
EUVD-2025-10484
Malicious code in bioql PyPI...
EUVD-2024-49291
Malicious code in bioql PyPI...
EUVD-2022-51017
Malicious code in bioql PyPI...
EUVD-2023-35523
Malicious code in bioql PyPI...
EUVD-2023-27684
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-31208
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk 2.0.0p36, 2.1.0p28, and 2.2.0b8 beta allows arbitrary livestatus command...
Linux Distros Unpatched Vulnerability : CVE-2024-8606
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bypass of two factor authentication in RestAPI in Checkmk 2.3.0p16 and 2.2.0p34 allows authenticated users to bypass two factor authentication CVE-2024-8606 Not...
CVE-2025-32918
Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions 2.4.0p6, 2.3.0p35, 2.2.0p44, and 2.1.0 EOL allows an authenticated user to inject arbitrary Livestatus commands...
CVE-2025-32918
Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions 2.4.0p6, 2.3.0p35, 2.2.0p44, and 2.1.0 EOL allows an authenticated user to inject arbitrary Livestatus commands...
CVE-2025-32918 Livestatus injection in autocomplete endpoint
Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions 2.4.0p6, 2.3.0p35, 2.2.0p44, and 2.1.0 EOL allows an authenticated user to inject arbitrary Livestatus commands...
CVE-2025-32918
CVE-2025-32918 affects Checkmk where the Livestatus delimiter is improperly neutralized in the RestAPI autocomplete endpoint. This allows an authenticated user to inject arbitrary Livestatus commands. Affected versions are Checkmk <2.4.0p6, <2.3.0p35,
CVE-2025-32918 Livestatus injection in autocomplete endpoint
Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions 2.4.0p6, 2.3.0p35, 2.2.0p44, and 2.1.0 EOL allows an authenticated user to inject arbitrary Livestatus commands...
PT-2025-27866 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.4.0p6 Checkmk versions prior to 2.3.0p35 Checkmk versions prior to 2.2.0p44 Checkmk version 2.1.0 Description: The issue is related to the improper neutralization of Livestatus command delimiters in the autocomplet...
CVE-2022-48317
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk = 2.1.0p10 and Checkmk = 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI...
CVE-2022-48318
No authorisation controls in the RestAPI documentation for Tribe29's Checkmk = 2.1.0p13 and Checkmk = 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation...