Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2023-31208 | Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users. | 8.3 | 0.97% | 2023-05-17 | 2024-11-21 |
| CVE-2023-22348 | Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. | 4.3 | 0.59% | 2023-05-17 | 2024-11-21 |
| CVE-2023-22359 | User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. | 4.3 | 0.35% | 2023-06-26 | 2024-11-21 |
| CVE-2023-23548 | Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30. | 5.4 | 0.35% | 2023-08-01 | 2024-11-21 |
| CVE-2023-31209 | Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. | 8.8 | 1.02% | 2023-08-10 | 2024-11-21 |
| CVE-2023-23549 | Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames. | 2.7 | 0.63% | 2023-11-15 | 2024-11-21 |
| CVE-2023-6156 | Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. | 7.6 | 0.86% | 2023-11-22 | 2024-11-21 |
| CVE-2023-6157 | Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. | 7.6 | 0.86% | 2023-11-22 | 2024-11-21 |
| CVE-2023-6251 | Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. | 3.5 | 0.15% | 2023-11-24 | 2024-11-21 |
| CVE-2023-6287 | Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files. | 3.3 | 0.23% | 2023-11-27 | 2024-11-21 |
| CVE-2023-31210 | Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries | 8.8 | 0.54% | 2023-12-13 | 2024-11-21 |
| CVE-2023-31211 | Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials | 8.8 | 0.51% | 2024-01-12 | 2024-11-21 |
| CVE-2023-6735 | Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | 8.8 | 0.28% | 2024-01-12 | 2024-11-21 |
| CVE-2023-6740 | Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | 8.8 | 0.18% | 2024-01-12 | 2024-11-21 |
| CVE-2024-0670 | Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges | 8.8 | 0.34% | 2024-03-11 | 2024-12-09 |
| CVE-2024-0638 | Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. | 8.2 | 0.19% | 2024-03-22 | 2024-12-04 |
| CVE-2024-1742 | Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list. | 3.8 | 0.24% | 2024-03-22 | 2024-12-04 |
| CVE-2024-28824 | Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. | 8.8 | 0.18% | 2024-03-22 | 2024-12-04 |
| CVE-2024-2380 | Stored XSS in graph rendering in Checkmk <2.3.0b4. | 4.6 | 0.34% | 2024-04-05 | 2024-12-04 |
| CVE-2024-3367 | Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc | 6.5 | 0.31% | 2024-04-16 | 2024-12-05 |