Lucene search

25 matches found

RedhatCVE
added 2026/04/01 5:3 p.m., 2 views

CVE-2026-33276

Stored cross-site scripting (XSS) in Checkmk 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature...

8.6 CVSS | 6 AI score | 0.00144 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2026/03/31 3:16 p.m., 1 view

CVE-2026-33276

Stored cross-site scripting (XSS) in Checkmk 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature...

8.6 CVSS | 5.9 AI score | 0.00144 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/31 12:0 a.m., 4 views

PT-2026-29255

Stored cross-site scripting (XSS) in Checkmk 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature...

8.6 CVSS | 6 AI score | 0.00144 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2026/03/26 3:2 p.m., 3 views

CVE-2026-32254

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

7.1 CVSS | 5.8 AI score | 0.00297 EPSS
Exploits: 1 | References: 1

CVE
added 2026/03/21 12:47 p.m., 11 views

CVE-2019-25563

CVE-2019-25563 affects PCHelpWareV2 1.0.0.5. The vulnerability arises in the Create SC feature when a crafted BMP image with an oversized buffer is processed, enabling a local attacker to crash the application (denial of service). The impact is an availability degradation on the affected host. Th...

6.9 CVSS | 5.8 AI score | 0.00178 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Packet Storm News
added 2025/10/31 12:0 a.m., 5 views

Service Upstart Persistence

This Metasploit module will create a service on the box, and mark it for auto-restart. You need enough access to write service files and potentially restart services...

6.9 AI score
Exploits: 0

RedhatCVE
added 2025/10/29 3:19 p.m., 4 views

CVE-2025-34302

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the PROT parameter when creating a new service. When a user adds a service, the application issues an HTTP POST...

5.4 CVSS | 6 AI score | 0.00403 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/10/28 2:33 p.m., 7 views

CVE-2025-34302 IPFire < v2.29 Stored XSS via Service Creation

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the PROT parameter when creating a new service. When a user adds a service, the application issues an HTTP POST...

5.1 CVSS | 0.00403 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/28 2:33 p.m., 4 views

CVE-2025-34302 IPFire < v2.29 Stored XSS via Service Creation

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the PROT parameter when creating a new service. When a user adds a service, the application issues an HTTP POST...

5.1 CVSS | 5.6 AI score | 0.00403 EPSS
Exploits: 0 | References: 3

CVE
added 2025/10/28 2:33 p.m., 13 views

CVE-2025-34302

CVE-2025-34302 affects IPFire versions prior to 2.29 (Core Update 198). The vulnerability is a stored cross-site scripting (XSS) in the PROT parameter used when creating a new service. An authenticated attacker can inject arbitrary JavaScript by manipulating PROT; the application stores this valu...

5.4 CVSS | 5.6 AI score | 0.00403 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2025/10/28 12:0 a.m., 4 views

PT-2025-44161

Name of the Vulnerable Software and Affected Versions: IPFire versions prior to 2.29 Core Update 198. Description: IPFire versions prior to 2.29 Core Update 198 are susceptible to a stored cross-site scripting (XSS) issue. An authenticated attacker can inject arbitrary JavaScript code through the PROT...

5.4 CVSS | 5.8 AI score | 0.00403 EPSS
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-43964

Malicious code in bioql PyPI...

7.7 CVSS | 7.6 AI score | 0.00327 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/06/18 12:0 a.m., 2 views

Versa Director Security Vulnerability

Versa Director is a virtualization and service creation platform from Versa USA that simplifies the creation, automation and delivery of services using Versa FlexVNF. A security vulnerability exists in Versa Director that stems from an improper implementation of two-factor authentication, which...

8.8 CVSS | 6.6 AI score | 0.00337 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:50 a.m., 9 views

CVE-2023-3289

A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system including admin. This results in unauthorized data manipulation...

7.7 CVSS | 6.6 AI score | 0.00327 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2022/11/21 12:0 a.m., 8 views

CVE-2022-44784

An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into the applications, as hinted by the WEB-INF/web.xml file leaked through Local File Inclusion. Among the exposed...

8.7 AI score | 0.00984 EPSS
Exploits: 1 | References: 1

Microsoft Malware Protection
added 2022/10/18 6:0 p.m., 29 views

Defenders beware: A case for post-ransomware investigations

Ransomware is one of the most pervasive threats that Microsoft Detection and Response Team (DART) responds to today. The groups behind these attacks continue to add sophistication to their tactics, techniques, and procedures (TTPs) as most network security postures increase. In this blog, we detail a...

0.1 AI score
Exploits: 0

CNNVD
added 2022/09/13 12:0 a.m., 5 views

SAP Business One Code Issue Vulnerability

SAP Business One is a set of enterprise management software from SAP. The software includes functionality for financial management, operations management, and human resource management. A code issue vulnerability exists in the SAP Business One application that originates from the creation of a...

7.8 CVSS | 7.7 AI score | 0.00205 EPSS
Exploits: 0 | References: 5

Packet Storm
added 2021/10/28 12:0 a.m., 437 views

Backdoor.Win32.Delf.arjo Unquoted Service Path

Discovery / credits: Malvuln - malvuln.com (c) 2021. Original source: https://malvuln.com/advisory/05177f77f075293ff7d58a7f2915c64f.txt. Contact: [email protected]. Media: twitter.com/malvuln. Threat: Backdoor.Win32.Delf.arjo. Vulnerability: Insecure Service Path. Description: The malware creates a...

0.3 AI score
Exploits: 0

OSV
added 2020/10/23 5:15 a.m., 2 views

CVE-2018-8062

A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service...

5.4 CVSS | 5.9 AI score | 0.00954 EPSS
Exploits: 3 | References: 1

RedHat Linux
added 2014/08/11 4:44 p.m., 4 views

OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security...

5 CVSS | 7.4 AI score | 0.04086 EPSS
Exploits: 0 | References: 5