CVE 清單 – 發現高風險與在野利用漏洞

聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。

指派機構(CNA / 來源):[email protected] 移除此篩選

顯示 120113 筆結果
«« 第一頁 « 上一頁 第 1 / 6 頁 下一頁 »
CVE 描述 最高 CVSS EPSS % 公開時間 更新時間
CVE-2022-46303 Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local permissions. 8.0 1.14% 2023-02-20 2026-06-17
CVE-2022-46836 PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component. 9.1 1.13% 2023-02-20 2026-06-17
CVE-2023-31209 Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users. 8.8 1.02% 2023-08-10 2026-06-17
CVE-2023-31208 Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users. 8.3 0.97% 2023-05-17 2026-06-17
CVE-2023-0284 Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk <= 2.1.0p19, Checkmk <= 2.0.0p32, and all versions of Checkmk 1.6.0 (EOL) are affected. 6.8 0.92% 2023-01-26 2026-06-17
CVE-2023-1768 Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations. 3.7 0.91% 2023-04-04 2026-06-17
CVE-2023-6157 Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. 7.6 0.86% 2023-11-22 2026-06-17
CVE-2023-6156 Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users. 7.6 0.86% 2023-11-22 2026-06-17
CVE-2024-38865 Improper neutralization of livestatus command delimiters in a specific endpoint within RestAPI of Checkmk prior to 2.2.0p39, 2.3.0p25, and 2.1.0p51 (EOL) allows arbitrary livestatus command execution. Exploitation requires the attacker to have a contact group assigned to their user account and for an event to originate from a host with the same contact group or from an event generated with an unknown host. 6.0 0.71% 2025-04-10 2026-06-17
CVE-2023-22294 Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions. 8.8 0.68% 2023-04-18 2026-06-17
CVE-2025-1712 Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files 8.7 0.66% 2025-05-21 2026-06-17
CVE-2025-39664 Insufficient escaping in the report scheduler within Checkmk <2.4.0p13, <2.3.0p38, <2.2.0p46 and 2.1.0 (EOL) allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory. 7.1 0.63% 2025-10-09 2026-06-17
CVE-2023-23549 Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames. 2.7 0.63% 2023-11-15 2026-06-17
CVE-2023-22348 Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. 4.3 0.59% 2023-05-17 2026-06-17
CVE-2025-39663 Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised remote site to inject malicious HTML code into service outputs in the central site. Affecting Checkmk before 2.4.0p14, 2.3.0p39, 2.2.0 and 2.1.0 (eol). 8.5 0.55% 2025-10-30 2026-06-17
CVE-2023-31210 Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries 8.8 0.54% 2023-12-13 2026-06-17
CVE-2023-22318 Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5. 7.5 0.53% 2023-05-15 2026-06-17
CVE-2024-28825 Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing. 5.9 0.52% 2024-04-24 2026-06-17
CVE-2023-31211 Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials 8.8 0.51% 2024-01-12 2026-06-17
CVE-2024-47093 Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS 8.8 0.51% 2024-12-19 2026-06-17
«« 第一頁 « 上一頁 第 1 / 6 頁 下一頁 »
cvelogic Threat Intelligence