CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks exploit resources and PoC availability to accurately assess exploitability. Combined with official patches and remediation strategies, it helps prioritize vulnerability management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source): [email protected]

Showing 61-80 of 113 results
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-6747 | Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data | 5.3 | 0.42% | 2024-10-10 | 2026-06-17 |
| CVE-2024-38862 | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators. | 5.1 | 0.32% | 2024-10-14 | 2026-06-17 |
| CVE-2024-38863 | Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks. | 5.1 | 0.41% | 2024-10-14 | 2026-06-17 |
| CVE-2024-47094 | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users. | 5.7 | 0.21% | 2024-11-29 | 2026-06-17 |
| CVE-2024-47093 | Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS | 8.8 | 0.51% | 2024-12-19 | 2026-06-17 |
| CVE-2024-38864 | Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data. | 4.8 | 0.18% | 2024-12-19 | 2026-06-17 |
| CVE-2025-1075 | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p27, <2.2.0p40, and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apache error log file accessible to administrators. | 5.6 | 0.29% | 2025-02-19 | 2026-06-17 |
| CVE-2024-47092 | Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api prior to 5.8.1 | 7.7 | 0.35% | 2025-03-03 | 2026-06-17 |
| CVE-2025-2596 | Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL) | 2.3 | 0.20% | 2025-03-26 | 2026-06-17 |
| CVE-2024-38865 | Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for an event to originate from a host with the same contact group or from an event generated with an unknown host. | 6.0 | 0.71% | 2025-04-10 | 2026-06-17 |
| CVE-2025-2092 | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p29, <2.2.0p41 and <=2.1.0p49 (EOL) causes remote site authentication secrets to be written to log files accessible to administrators. | 7.1 | 0.29% | 2025-04-22 | 2026-06-17 |
| CVE-2025-3506 | Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and <Checkmk 2.4.0b6 allows attacker to access files that could contain secrets. | 6.3 | 0.27% | 2025-05-08 | 2026-06-17 |
| CVE-2025-32917 | Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to escalate privileges. | 5.2 | 0.26% | 2025-05-13 | 2026-06-17 |
| CVE-2025-1712 | Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files | 8.7 | 0.66% | 2025-05-21 | 2026-06-17 |
| CVE-2025-32915 | Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). This allows a local attacker to read sensitive data. | 4.3 | 0.06% | 2025-05-22 | 2026-06-17 |
| CVE-2024-38866 | Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection | 5.3 | 0.30% | 2025-05-27 | 2026-06-17 |
| CVE-2024-47090 | Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS | 5.1 | 0.19% | 2025-05-27 | 2026-06-17 |
| CVE-2025-32918 | Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions <2.4.0p6, <2.3.0p35, <2.2.0p44, and 2.1.0 (EOL) allows an authenticated user to inject arbitrary Livestatus commands. | 5.3 | 0.33% | 2025-07-04 | 2026-06-17 |
| CVE-2025-58123 | Improper Certificate Validation in Checkmk Exchange plugin BGP Monitoring allows attackers in MitM position to intercept traffic. | 6.9 | 0.10% | 2025-08-28 | 2026-06-17 |
| CVE-2025-58124 | Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic. | 6.9 | 0.10% | 2025-08-28 | 2026-06-17 |
cvelogic Threat Intelligence