Lucene search
K

4 matches found

EUVD
EUVD
added 2026/03/31 3:31 p.m.2 views

EUVD-2026-17429

Stored cross-site scripting XSS in Checkmk 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature...

8.6CVSS6AI score0.00144EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/10 8:22 p.m.6 views

CVE-2025-35050

Newforma Info Exchange NIX accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server NPCS, so a...

9.8CVSS8AI score0.00861EPSS
Exploits0References1
Snyk
Snyk
added 2025/05/14 7:46 a.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the confKey parameter. An attacker can execute arbitrary scripts in the context of the victim's browser session by injecting a malicious payload into this parameter. Note: This is only exploitable if the...

7.6CVSS5.6AI score0.00242EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2023/11/27 12:0 a.m.6 views

The vulnerability of the UpdateAction method in SolarWinds Orion software allows a hacker to execute arbitrary code with privileges of the Network Service.

The vulnerability of the UpdateAction method in the SolarWinds Orion Platform’s network monitoring software lies in improper string comparison. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code with privileges of the Network Service...

8.3CVSS7.7AI score0.05433EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder