Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-8833 | Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validation and inject malicious URLs such as javascript: URIs, resulting in cross-site scripting when another user interacts with the crafted link. | 8.5 | 0.14% | 2026-06-08 | 2026-06-17 |
| CVE-2026-7186 | Stored cross-site scripting in the URL dashboard widget in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the dashboard. | 8.5 | 0.14% | 2026-06-08 | 2026-06-17 |
| CVE-2026-3466 | Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0 allows an attacker with dashboard creation privileges to perform stored cross-site scripting (XSS) attacks by tricking a victim into clicking a crafted dashlet title link on a shared dashboard. | 8.5 | 0.23% | 2026-04-07 | 2026-06-17 |
| CVE-2025-39666 | Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0b3 allows a site user to escalate their privileges to root, by manipulating files in the site context that are processed when the `omd` administrative command is run by root. | 9.3 | 0.12% | 2026-04-07 | 2026-06-17 |
| CVE-2026-33276 | Stored cross-site scripting (XSS) in Checkmk 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature. | 8.6 | 0.14% | 2026-03-31 | 2026-06-17 |
| CVE-2026-20915 | Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar. | 8.5 | 0.15% | 2026-03-31 | 2026-06-17 |
| CVE-2025-39663 | Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised remote site to inject malicious HTML code into service outputs in the central site. Affecting Checkmk before 2.4.0p14, 2.3.0p39, 2.2.0 and 2.1.0 (eol). | 8.5 | 0.56% | 2025-10-30 | 2026-06-17 |
| CVE-2025-32919 | Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before 2.2.0p46, and all versions of 2.1.0 (EOL). | 8.8 | 0.24% | 2025-10-09 | 2026-06-17 |
| CVE-2025-1712 | Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files | 8.7 | 0.66% | 2025-05-21 | 2026-06-17 |
| CVE-2024-47093 | Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS | 8.8 | 0.51% | 2024-12-19 | 2026-06-17 |
| CVE-2024-8606 | Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication | 9.2 | 0.45% | 2024-09-23 | 2026-06-17 |
| CVE-2024-28828 | Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site. | 8.8 | 0.23% | 2024-07-10 | 2026-06-17 |
| CVE-2024-28827 | Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges. | 8.8 | 0.17% | 2024-07-10 | 2026-06-17 |
| CVE-2024-28826 | Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server. | 8.8 | 0.47% | 2024-05-29 | 2026-06-17 |
| CVE-2024-28824 | Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. | 8.8 | 0.18% | 2024-03-22 | 2026-06-17 |
| CVE-2024-0638 | Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. | 8.2 | 0.19% | 2024-03-22 | 2026-06-17 |
| CVE-2024-0670 | Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges | 8.8 | 0.34% | 2024-03-11 | 2026-06-17 |
| CVE-2023-6740 | Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | 8.8 | 0.18% | 2024-01-12 | 2026-06-17 |
| CVE-2023-6735 | Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | 8.8 | 0.28% | 2024-01-12 | 2026-06-17 |
| CVE-2023-31211 | Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials | 8.8 | 0.51% | 2024-01-12 | 2026-06-17 |