CVE 清單 – 發現高風險與在野利用漏洞

聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。

指派機構(CNA / 來源):[email protected] 移除此篩選

顯示 120113 筆結果
«« 第一頁 « 上一頁 第 1 / 6 頁 下一頁 »
CVE 描述 最高 CVSS EPSS % 公開時間 更新時間
CVE-2025-32916 Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2.4.0p13, <2.3.0p38, <2.2.0p46, and 2.1.0 (EOL) may cause sensitive form data to be included in URL query parameters, which may be logged in various places such as browser history or web server logs. 1.0 0.18% 2025-10-09 2026-06-17
CVE-2025-65000 SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed. 2.3 0.18% 2025-12-18 2026-06-17
CVE-2025-2596 Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL) 2.3 0.20% 2025-03-26 2026-06-17
CVE-2024-38858 Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view. 2.3 0.31% 2024-09-02 2026-06-17
CVE-2024-28830 Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators. 2.7 0.28% 2024-06-26 2026-06-17
CVE-2023-23549 Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames. 2.7 0.63% 2023-11-15 2026-06-17
CVE-2023-6287 Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files. 3.3 0.23% 2023-11-27 2026-06-17
CVE-2023-6251 Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. 3.5 0.15% 2023-11-24 2026-06-17
CVE-2022-4884 Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file. 3.5 0.48% 2023-01-09 2026-06-17
CVE-2023-1768 Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations. 3.7 0.91% 2023-04-04 2026-06-17
CVE-2024-1742 Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list. 3.8 0.24% 2024-03-22 2026-06-17
CVE-2023-22288 HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails 4.1 0.40% 2023-03-20 2026-06-17
CVE-2025-32915 Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). This allows a local attacker to read sensitive data. 4.3 0.06% 2025-05-22 2026-06-17
CVE-2024-38857 Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks. 4.3 0.28% 2024-07-02 2026-06-17
CVE-2023-22359 User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. 4.3 0.50% 2023-06-26 2026-06-17
CVE-2023-22348 Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. 4.3 0.59% 2023-05-17 2026-06-17
CVE-2023-2020 Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host. 4.3 0.40% 2023-04-18 2026-06-17
CVE-2023-31207 Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log. 4.4 0.22% 2023-05-02 2026-06-17
CVE-2024-2380 Stored XSS in graph rendering in Checkmk <2.3.0b4. 4.6 0.34% 2024-04-05 2026-06-17
CVE-2026-9549 Stored cross-site scripting in the service discovery active check output in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an admin or a user with host read permissions when they run the check on the service discovery page. 4.8 0.14% 2026-06-08 2026-06-17
«« 第一頁 « 上一頁 第 1 / 6 頁 下一頁 »
cvelogic Threat Intelligence