1445 matches found
CVE-2026-20915
Stored cross-site scripting XSS in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar...
UBUNTU-CVE-2026-33276
Stored cross-site scripting XSS in Checkmk 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature...
UBUNTU-CVE-2026-20915
Stored cross-site scripting XSS in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar...
CVE-2026-20915 Stored cross-site scripting in Pending Changes sidebar
Stored cross-site scripting XSS in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar...
CVE-2026-20915
Stored cross-site scripting XSS in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar...
CVE-2026-20915 Stored cross-site scripting in Pending Changes sidebar
Stored cross-site scripting XSS in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar...
CVE-2026-20915
Checkmk CVE-2026-20915 describes a stored XSS in the Pending Changes sidebar affecting Checkmk 2.5.0 (beta) before 2.5.0b2. An authenticated user with permission to create pending changes can inject JavaScript, which then executes in the browsers of other users viewing the sidebar. Impact per CVS...
CVE-2026-33276 XSS in Unified Search via Unescaped Host/Service Names
Stored cross-site scripting XSS in Checkmk 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature...
CVE-2026-33276
Stored cross-site scripting XSS in Checkmk 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature...
CVE-2026-33276 XSS in Unified Search via Unescaped Host/Service Names
Stored cross-site scripting XSS in Checkmk 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature...
CVE-2026-33276
CVE-2026-33276: Stored XSS in Checkmk 2.5.0 (beta) before 2.5.0b2 allows authenticated users who can create hosts or services to inject/execute JavaScript in other users’ browsers during Unified Search. Affected component is the Unified Search feature; vulnerability arises from unescaped host/ser...
PT-2026-29255
Stored cross-site scripting XSS in Checkmk 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature...
PT-2026-29251
Stored cross-site scripting XSS in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar...
Checkmk 安全漏洞
Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.5.0b2 contained security vulnerabilities. These vulnerabilities were due to a storage-side cross-site scripting issue, which could allow authenticated users to execute arbitrary JavaScript when...
Checkmk 安全漏洞
Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.5.0b2 contained security vulnerabilities. These vulnerabilities were caused by stored cross-site scripting, which could allow authenticated users to inject malicious JavaScript into the Pending...
Linux Distros Unpatched Vulnerability : CVE-2025-64998
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of session signing secret in Checkmk 2.4.0p23, 2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions ...
CVE-2026-24097
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows authenticated users to enumerate existing hosts by observing different HTTP response codes in agent-receiver/registerexisting endpoint, which could lead to information disclosure...
CVE-2026-2859
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deployagent endpoint, which could lead to information disclosure...
CVE-2025-64998
Exposure of session signing secret in Checkmk 2.4.0p23, 2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies...
EUVD-2025-208958
Exposure of session signing secret in Checkmk 2.4.0p23, 2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies...