This list aggregates NVD, CVE, and multi-source threat feeds and provides analysis of high-risk threats such as RCE. It integrates CVSS and EPSS models and tracks exploit and PoC availability to assess exploitability. Combined with official patches and remediation strategies, it helps prioritize vulnerability management workflows, shorten response cycles, and secure critical assets.
Assigner (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-6747 | Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows an attacker to get potentially sensitive data. | 5.3 | 0.42% | 2024-10-10 | 2026-06-17 |
| CVE-2024-38862 | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IPMI secrets of host and folder properties to be written to audit log files accessible to administrators. | 5.1 | 0.32% | 2024-10-14 | 2026-06-17 |
| CVE-2024-38863 | Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks. | 5.1 | 0.41% | 2024-10-14 | 2026-06-17 |
| CVE-2024-47094 | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users. | 5.7 | 0.21% | 2024-11-29 | 2026-06-17 |
| CVE-2024-47093 | Improper neutralization of input in NagVis before version 1.9.42, which can lead to XSS. | 8.8 | 0.51% | 2024-12-19 | 2026-06-17 |
| CVE-2024-38864 | Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allow a local attacker to read sensitive data. | 4.8 | 0.18% | 2024-12-19 | 2026-06-17 |
| CVE-2025-1075 | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p27, <2.2.0p40, and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apache error log file accessible to administrators. | 5.6 | 0.29% | 2025-02-19 | 2026-06-17 |
| CVE-2024-47092 | Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api prior to 5.8.1 | 7.7 | 0.35% | 2025-03-03 | 2026-06-17 |
| CVE-2025-2596 | Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL) | 2.3 | 0.20% | 2025-03-26 | 2026-06-17 |
| CVE-2024-38865 | Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for an event to originate from a host with the same contact group or from an event generated with an unknown host. | 6.0 | 0.71% | 2025-04-10 | 2026-06-17 |
| CVE-2025-2092 | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p29, <2.2.0p41 and <=2.1.0p49 (EOL) causes remote site authentication secrets to be written to log files accessible to administrators. | 7.1 | 0.29% | 2025-04-22 | 2026-06-17 |
| CVE-2025-3506 | Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and Checkmk <2.4.0b6, which allows an attacker to access files that could contain secrets. | 6.3 | 0.27% | 2025-05-08 | 2026-06-17 |
| CVE-2025-32917 | Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allows a user with write access to the JAVA_HOME/bin directory to escalate privileges. | 5.2 | 0.26% | 2025-05-13 | 2026-06-17 |
| CVE-2025-1712 | Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files | 8.7 | 0.66% | 2025-05-21 | 2026-06-17 |
| CVE-2025-32915 | Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). This allows a local attacker to read sensitive data. | 4.3 | 0.06% | 2025-05-22 | 2026-06-17 |
| CVE-2024-38866 | Improper neutralization of input in NagVis before version 1.9.47, which can lead to livestatus injection. | 5.3 | 0.30% | 2025-05-27 | 2026-06-17 |
| CVE-2024-47090 | Improper neutralization of input in NagVis before version 1.9.47, which can lead to XSS. | 5.1 | 0.19% | 2025-05-27 | 2026-06-17 |
| CVE-2025-32918 | Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions <2.4.0p6, <2.3.0p35, <2.2.0p44, and 2.1.0 (EOL) allows an authenticated user to inject arbitrary Livestatus commands. | 5.3 | 0.33% | 2025-07-04 | 2026-06-17 |
| CVE-2025-58123 | Improper Certificate Validation in Checkmk Exchange plugin BGP Monitoring allows attackers in MitM position to intercept traffic. | 6.9 | 0.10% | 2025-08-28 | 2026-06-17 |
| CVE-2025-58124 | Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic. | 6.9 | 0.10% | 2025-08-28 | 2026-06-17 |