24 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-64999
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check outp...
📄 Checkmk 2.4.0p21 Cross Site Scripting
Checkmk suffers from a persistent cross site scripting vulnerability. Versions affected include 2.4.0 before 2.4.0p22 and 2.3.0 before 2.3.0p43. ============================================================================================================================================= | Title :...
CVE-2025-64999
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...
CVE-2025-64999
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...
CVE-2025-64999
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...
UBUNTU-CVE-2025-64999
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...
CVE-2025-64999
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...
CVE-2025-64999 Cross-site scripting in HTML logs of Synthetic Monitoring test services
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...
CVE-2025-64999
The CVE-2025-64999 entry concerns Checkmk products: affected versions are 2.4.0 prior to 2.4.0p22 and 2.3.0 prior to 2.3.0p43. The root cause is improper neutralization of input in Synthetic Monitoring HTML logs, enabling an attacker who can influence a host’s check output to inject JavaScript in...
CVE-2025-64999
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...
Checkmk 安全漏洞
Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.4.0p22 and 2.3.0p43 contained security vulnerabilities. These vulnerabilities were due to improper input handling, which could allow attackers to inject malicious JavaScript into the Synthetic...
EUVD-2024-2762
Malicious code in bioql PyPI...
CVE-2022-46156
The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...
GHSA-9J4F-F249-Q5W8 Default installation of `synthetic-monitoring-agent` exposes sensitive information
Impact Users running the Synthetic Monitoring agent in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed thru a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and...
GO-2022-1132 Grafana's default installation of `synthetic-monitoring-agent` exposes sensitive information in github.com/grafana/synthetic-monitoring-agent
Grafana's default installation of synthetic-monitoring-agent exposes sensitive information in github.com/grafana/synthetic-monitoring-agent...
Information Disclosure
github.com/grafana/synthetic-monitoring-agent is vulnerable to information disclosure.The vulnerability exists in multiple functions due to default installation of synthetic-monitoring-agent which allows an attacker to communicate with the Synthetic Monitoring API via a debugging endpoint...
CVE-2022-46156
The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...
Authentication flaw
The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...
Grafana 安全漏洞
Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. A security vulnerability exists in Grafana synthetic-monitoring-agent, which stems from the fact that i...
CVE-2022-46156
CVE-2022-46156 : Grafana’s Synthetic Monitoring Agent (pre-0.12.0) exposes an authentication token via a debugging endpoint, enabling retrieval of user checks bound to that token. Access does not guarantee checks due to API denying connections from already-connected agents, but token exposure sti...