Security Vulnerabilities
Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information
CVSS Score
8.8
EPSS Score
0.0
Published
2026-04-01
Lack of output escaping leads to a XSS vector in the multilingual associations component.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-04-01
Lack of output escaping for article titles leads to XSS vectors in various locations.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-04-01
Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism.
CVSS Score
7.2
EPSS Score
0.0
Published
2026-04-01
An improper access check allows unauthorized access to webservice endpoints.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-04-01
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers.
CVSS Score
7.3
EPSS Score
0.0
Published
2026-04-01
Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-04-01
A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client certificates when a new node attempts to join the cluster. An unauthenticated attacker with network reachability to the Juju controller's Dqlite port can exploit this flaw to join the database cluster. Once joined, the attacker gains full read and write access to the underlying database, allowing for total data compromise.
CVSS Score
10.0
EPSS Score
0.001
Published
2026-04-01
Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker within the management network could potentially exploit this vulnerability, leading to remote execution.
CVSS Score
4.7
EPSS Score
0.003
Published
2026-04-01
PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.
CVSS Score
4.4
EPSS Score
0.0
Published
2026-04-01