4 matches found
EUVD-2026-17429
Stored cross-site scripting XSS in Checkmk 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature...
CVE-2025-35050
Newforma Info Exchange NIX accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server NPCS, so a...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the confKey parameter. An attacker can execute arbitrary scripts in the context of the victim's browser session by injecting a malicious payload into this parameter. Note: This is only exploitable if the...
The vulnerability of the UpdateAction method in SolarWinds Orion software allows a hacker to execute arbitrary code with privileges of the Network Service.
The vulnerability of the UpdateAction method in the SolarWinds Orion Platform’s network monitoring software lies in improper string comparison. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code with privileges of the Network Service...