5.3

CVSS4.0

CVE-2026-33457 - Potential livestatus injection in prediction graph page

Livestatus injection in the prediction graph page in Checkmk <2.5.0b4, <2.4.0p26, and <2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name parameter due to insufficient sanitization of the service description value.

📅 Published: April 10, 2026, 8:31 a.m. 🔄 Last Modified: April 10, 2026, 8:31 a.m.

5.1

CVSS4.0

CVE-2026-33456 - Potential livestatus injection in notification test

Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description.

📅 Published: April 10, 2026, 8:31 a.m. 🔄 Last Modified: April 10, 2026, 8:31 a.m.

5.3

CVSS4.0

CVE-2026-33455 - Livestatus injection in monitoring quicksearch

Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to insufficient input sanitization in search filter plugins.

📅 Published: April 10, 2026, 8:30 a.m. 🔄 Last Modified: April 10, 2026, 8:30 a.m.

6.9

CVSS4.0

CVE-2026-6037 - code-projects Vehicle Showroom Management System AddVehicleFunction.php sql injection

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. Manipulation of the argument BRANCH_ID causes SQL injection. The attack can be carried out remotely. The exploit has bee…

📅 Published: April 10, 2026, 8:30 a.m. 🔄 Last Modified: April 10, 2026, 8:30 a.m.

6.9

CVSS4.0

CVE-2026-6036 - code-projects Vehicle Showroom Management System VehicleDetailsFunction.php sql injection

A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown function of the file /util/VehicleDetailsFunction.php. Manipulation of the argument VEHICLE_ID results in SQL injection. The attack can be executed remotely. The exploit has bee…

📅 Published: April 10, 2026, 8:15 a.m. 🔄 Last Modified: April 10, 2026, 8:15 a.m.