Lucene search
K

24 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-64999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check outp...

7.3CVSS5.8AI score0.00141EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2026/03/02 12:0 a.m.145 views

📄 Checkmk 2.4.0p21 Cross Site Scripting

Checkmk suffers from a persistent cross site scripting vulnerability. Versions affected include 2.4.0 before 2.4.0p22 and 2.3.0 before 2.3.0p43. ============================================================================================================================================= | Title :...

7.3CVSS5.3AI score0.00141EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/02/27 7:44 p.m.7 views

CVE-2025-64999

Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...

7.3CVSS5.9AI score0.00141EPSS
Exploits1References1
OSV
OSV
added 2026/02/26 11:16 a.m.4 views

CVE-2025-64999

Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...

5.4CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/02/26 11:16 a.m.20 views

CVE-2025-64999

Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...

7.3CVSS0.00141EPSS
Exploits1References2
OSV
OSV
added 2026/02/26 11:16 a.m.11 views

UBUNTU-CVE-2025-64999

Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...

7.3CVSS5.8AI score0.00141EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/02/26 11:16 a.m.10 views

CVE-2025-64999

Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...

7.3CVSS5.9AI score0.00141EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/26 10:26 a.m.24 views

CVE-2025-64999 Cross-site scripting in HTML logs of Synthetic Monitoring test services

Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...

7.3CVSS0.00141EPSS
Exploits1References2
CVE
CVE
added 2026/02/26 10:26 a.m.32 views

CVE-2025-64999

The CVE-2025-64999 entry concerns Checkmk products: affected versions are 2.4.0 prior to 2.4.0p22 and 2.3.0 prior to 2.3.0p43. The root cause is improper neutralization of input in Synthetic Monitoring HTML logs, enabling an attacker who can influence a host’s check output to inject JavaScript in...

7.3CVSS5.4AI score0.00141EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/26 10:26 a.m.7 views

CVE-2025-64999

Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...

7.3CVSS5.4AI score0.00141EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.11 views

Checkmk 安全漏洞

Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.4.0p22 and 2.3.0p43 contained security vulnerabilities. These vulnerabilities were due to improper input handling, which could allow attackers to inject malicious JavaScript into the Synthetic...

7.3CVSS5.8AI score0.00141EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-2762

Malicious code in bioql PyPI...

7.2CVSS6.1AI score0.00473EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/02/05 8:59 p.m.8 views

CVE-2022-46156

The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...

7.2CVSS6.7AI score0.00473EPSS
Exploits0References1
OSV
OSV
added 2024/09/06 9:37 p.m.23 views

GHSA-9J4F-F249-Q5W8 Default installation of `synthetic-monitoring-agent` exposes sensitive information

Impact Users running the Synthetic Monitoring agent in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed thru a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and...

7.2CVSS5.5AI score0.00473EPSS
Exploits0References9
OSV
OSV
added 2024/08/21 4:3 p.m.43 views

GO-2022-1132 Grafana's default installation of `synthetic-monitoring-agent` exposes sensitive information in github.com/grafana/synthetic-monitoring-agent

Grafana's default installation of synthetic-monitoring-agent exposes sensitive information in github.com/grafana/synthetic-monitoring-agent...

7.2CVSS5AI score0.00473EPSS
Exploits0References7
Veracode
Veracode
added 2022/12/01 4:41 a.m.40 views

Information Disclosure

github.com/grafana/synthetic-monitoring-agent is vulnerable to information disclosure.The vulnerability exists in multiple functions due to default installation of synthetic-monitoring-agent which allows an attacker to communicate with the Synthetic Monitoring API via a debugging endpoint...

7.2CVSS5.6AI score0.00473EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2022/11/30 10:15 p.m.44 views

CVE-2022-46156

The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...

7.2CVSS0.00473EPSS
Exploits0References6
Prion
Prion
added 2022/11/30 10:15 p.m.34 views

Authentication flaw

The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...

1.7CVSS4.5AI score0.00473EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2022/11/30 12:0 a.m.4 views

Grafana 安全漏洞

Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. A security vulnerability exists in Grafana synthetic-monitoring-agent, which stems from the fact that i...

7.2CVSS6.5AI score0.00473EPSS
Exploits0References7
CVE
CVE
added 2022/11/30 12:0 a.m.90 views

CVE-2022-46156

CVE-2022-46156 : Grafana’s Synthetic Monitoring Agent (pre-0.12.0) exposes an authentication token via a debugging endpoint, enabling retrieval of user checks bound to that token. Access does not guarantee checks due to API denying connections from already-connected agents, but token exposure sti...

7.2CVSS5.6AI score0.00473EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder