Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-32917 | Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to escalate privileges. | 5.2 | 0.26% | 2025-05-13 | 2026-06-17 |
| CVE-2025-3506 | Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and <Checkmk 2.4.0b6 allows attacker to access files that could contain secrets. | 6.3 | 0.27% | 2025-05-08 | 2026-06-17 |
| CVE-2025-2092 | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p29, <2.2.0p41 and <=2.1.0p49 (EOL) causes remote site authentication secrets to be written to log files accessible to administrators. | 7.1 | 0.29% | 2025-04-22 | 2026-06-17 |
| CVE-2024-38865 | Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for an event to originate from a host with the same contact group or from an event generated with an unknown host. | 6.0 | 0.64% | 2025-04-10 | 2026-06-17 |
| CVE-2025-2596 | Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL) | 2.3 | 0.20% | 2025-03-26 | 2026-06-17 |
| CVE-2024-47092 | Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api prior to 5.8.1 | 7.7 | 0.35% | 2025-03-03 | 2026-06-17 |
| CVE-2025-1075 | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p27, <2.2.0p40, and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apache error log file accessible to administrators. | 5.6 | 0.29% | 2025-02-19 | 2026-06-17 |
| CVE-2024-38864 | Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data. | 4.8 | 0.18% | 2024-12-19 | 2026-06-17 |
| CVE-2024-47093 | Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS | 8.8 | 0.51% | 2024-12-19 | 2026-06-17 |
| CVE-2024-47094 | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users. | 5.7 | 0.21% | 2024-11-29 | 2026-06-17 |
| CVE-2024-38863 | Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishing attacks. | 5.1 | 0.41% | 2024-10-14 | 2026-06-17 |
| CVE-2024-38862 | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to be written to audit log files accessible to administrators. | 5.1 | 0.32% | 2024-10-14 | 2026-06-17 |
| CVE-2024-6747 | Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data | 5.3 | 0.42% | 2024-10-10 | 2026-06-17 |
| CVE-2024-38861 | Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4a_mk through 2.0a. | 4.9 | 0.19% | 2024-09-27 | 2026-06-17 |
| CVE-2024-8606 | Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication | 9.2 | 0.45% | 2024-09-23 | 2026-06-17 |
| CVE-2024-38860 | Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks. | 5.1 | 0.30% | 2024-09-17 | 2026-06-17 |
| CVE-2024-6572 | Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic | 6.3 | 0.27% | 2024-09-09 | 2026-06-17 |
| CVE-2024-38858 | Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view. | 2.3 | 0.31% | 2024-09-02 | 2026-06-17 |
| CVE-2024-38859 | XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users. | 4.8 | 0.42% | 2024-08-26 | 2026-06-17 |
| CVE-2024-28829 | Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges. | 5.2 | 0.18% | 2024-08-20 | 2026-06-17 |