NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2025-65000 | SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed. | 2.3 | 0.18% | 2025-12-18 | 2026-06-17 |
| CVE-2025-64997 | Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure. | 6.3 | 0.21% | 2025-12-18 | 2026-06-17 |
| CVE-2025-39665 | User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames. | 6.9 | 0.22% | 2025-12-03 | 2026-06-17 |
| CVE-2025-64996 | In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mk_inotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification of monitoring data. | 4.8 | 0.08% | 2025-11-18 | 2026-06-17 |
| CVE-2025-58122 | Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure. | 5.3 | 0.14% | 2025-11-18 | 2026-06-17 |
| CVE-2025-58121 | Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain sensitive information | 5.3 | 0.17% | 2025-11-18 | 2026-06-17 |
| CVE-2025-39663 | Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised remote site to inject malicious HTML code into service outputs in the central site. Affecting Checkmk before 2.4.0p14, 2.3.0p39, 2.2.0 and 2.1.0 (eol). | 8.5 | 0.55% | 2025-10-30 | 2026-06-17 |
| CVE-2025-39664 | Insufficient escaping in the report scheduler within Checkmk <2.4.0p13, <2.3.0p38, <2.2.0p46 and 2.1.0 (EOL) allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory. | 7.1 | 0.63% | 2025-10-09 | 2026-06-17 |
| CVE-2025-32919 | Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before 2.2.0p46, and all versions of 2.1.0 (EOL). | 8.8 | 0.24% | 2025-10-09 | 2026-06-17 |
| CVE-2025-32916 | Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2.4.0p13, <2.3.0p38, <2.2.0p46, and 2.1.0 (EOL) may cause sensitive form data to be included in URL query parameters, which may be logged in various places such as browser history or web server logs. | 1.0 | 0.18% | 2025-10-09 | 2026-06-17 |
| CVE-2025-58127 | Improper Certificate Validation in Checkmk Exchange plugin Dell Powerscale allows attackers in MitM position to intercept traffic. | 6.9 | 0.10% | 2025-08-28 | 2026-06-17 |
| CVE-2025-58126 | Improper Certificate Validation in Checkmk Exchange plugin VMware vSAN allows attackers in MitM position to intercept traffic. | 6.9 | 0.10% | 2025-08-28 | 2026-06-17 |
| CVE-2025-58125 | Improper Certificate Validation in Checkmk Exchange plugin Freebox v6 agent allows attackers in MitM position to intercept traffic. | 6.9 | 0.10% | 2025-08-28 | 2026-06-17 |
| CVE-2025-58124 | Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic. | 6.9 | 0.10% | 2025-08-28 | 2026-06-17 |
| CVE-2025-58123 | Improper Certificate Validation in Checkmk Exchange plugin BGP Monitoring allows attackers in MitM position to intercept traffic. | 6.9 | 0.10% | 2025-08-28 | 2026-06-17 |
| CVE-2025-32918 | Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions <2.4.0p6, <2.3.0p35, <2.2.0p44, and 2.1.0 (EOL) allows an authenticated user to inject arbitrary Livestatus commands. | 5.3 | 0.33% | 2025-07-04 | 2026-06-17 |
| CVE-2024-47090 | Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS | 5.1 | 0.19% | 2025-05-27 | 2026-06-17 |
| CVE-2024-38866 | Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection | 5.3 | 0.30% | 2025-05-27 | 2026-06-17 |
| CVE-2025-32915 | Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). This allows a local attacker to read sensitive data. | 4.3 | 0.06% | 2025-05-22 | 2026-06-17 |
| CVE-2025-1712 | Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files | 8.7 | 0.66% | 2025-05-21 | 2026-06-17 |