Lucene search
+L

109 matches found

euvd
euvd
added 2026/04/07 3:30 p.m.8 views

EUVD-2026-19605

Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 EOL, Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 beta before 2.5.0b3 allows an attacker with dashboard creation privileges to perform stored cross-site scripting XSS attacks by tricking...

8.5CVSS5.8AI score0.00228EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2026/04/07 1:16 p.m.3 views

CVE-2026-3466

Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 EOL, Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 beta before 2.5.0 allows an attacker with dashboard creation privileges to perform stored cross-site scripting XSS attacks by tricking a...

8.5CVSS5.7AI score0.00228EPSS
Exploits0References3
osv
osv
added 2026/04/07 1:16 p.m.8 views

UBUNTU-CVE-2026-3466

Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 EOL, Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 beta before 2.5.0 allows an attacker with dashboard creation privileges to perform stored cross-site scripting XSS attacks by tricking a...

8.5CVSS5.7AI score0.00228EPSS
Exploits0References4
cvelist
cvelist
added 2026/04/07 12:9 p.m.27 views

CVE-2025-39666 omd: Local privilege escalation when executing omd commands as root

Local privilege escalation in Checkmk 2.2.0 EOL, Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 beta before 2.5.0b3 allows a site user to escalate their privileges to root, by manipulating files in the site context that are processed when the omd administrative...

9.3CVSS0.00121EPSS
Exploits0References1
osv
osv
added 2026/04/07 12:9 p.m.3 views

CVE-2025-39666 omd: Local privilege escalation when executing omd commands as root

Local privilege escalation in Checkmk 2.2.0 EOL, Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 beta before 2.5.0b3 allows a site user to escalate their privileges to root, by manipulating files in the site context that are processed when the omd administrative...

9.3CVSS5.9AI score0.00121EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/04/07 12:8 p.m.4 views

CVE-2026-3466

Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 EOL, Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 beta before 2.5.0b3 allows an attacker with dashboard creation privileges to perform stored cross-site scripting XSS attacks by tricking...

8.5CVSS5.8AI score0.00228EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2026/04/07 12:8 p.m.5 views

CVE-2026-3466 Cross-site scripting in dashlet title

Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 EOL, Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 beta before 2.5.0 allows an attacker with dashboard creation privileges to perform stored cross-site scripting XSS attacks by tricking a...

8.5CVSS5.6AI score0.00228EPSS
Exploits0References3
cvelist
cvelist
added 2026/04/07 12:8 p.m.26 views

CVE-2026-3466 Cross-site scripting in dashlet title

Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 EOL, Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 beta before 2.5.0 allows an attacker with dashboard creation privileges to perform stored cross-site scripting XSS attacks by tricking a...

8.5CVSS0.00228EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/04/07 12:0 a.m.14 views

Checkmk 安全漏洞

Checkmk is an IT monitoring platform developed by Checkmk Corporation. Vulnerabilities exist in versions of Checkmk prior to 2.2.0, 2.3.0p46, 2.4.0p25, and 2.5.0b3. These vulnerabilities stem from insufficient cleanup of title links in dashboard widgets. An attacker with permission to create...

8.5CVSS5.8AI score0.00228EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/03/26 3:8 p.m.6 views

CVE-2026-24097

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows authenticated users to enumerate existing hosts by observing different HTTP response codes in agent-receiver/registerexisting endpoint, which could lead to information disclosure...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/03/24 12:0 a.m.7 views

Checkmk 安全漏洞

Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.4.0p23, 2.3.0p45, and 2.2.0 contain security vulnerabilities. These vulnerabilities stem from the exposure of session signing keys, which could allow remote site administrators to forge session...

7.3CVSS5.8AI score0.00334EPSS
Exploits0References1
osv
osv
added 2026/03/13 7:54 p.m.7 views

UBUNTU-CVE-2026-2859

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deployagent endpoint, which could lead to information disclosure...

6.3CVSS5.8AI score0.0019EPSS
Exploits0References3
cvelist
cvelist
added 2026/03/13 9:40 a.m.28 views

CVE-2026-2859 Unauthenticated Host Enumeration via Observable Response Discrepancy on Deploy Agent Endpoint

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deployagent endpoint, which could lead to information disclosure...

6.3CVSS0.0019EPSS
Exploits0References1
cve
cve
added 2026/03/13 9:40 a.m.20 views

CVE-2026-2859

The CVE affects Checkmk deployments, specifically versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL). A vulnerability in the deploy_agent endpoint arises from improper permission enforcement, allowing unauthenticated users to observe different HTTP response codes and enumerate...

6.3CVSS5.8AI score0.0019EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/03/13 9:40 a.m.12 views

CVE-2026-24097

The CVE affects Checkmk: vulnerable in 2.4.0 prior to 2.4.0p23 and 2.3.0 prior to 2.3.0p43 (2.2.0 is EOL). The issue is improper permission enforcement in the agent-receiver/register_existing endpoint, enabling authenticated users to enumerate existing hosts by observing differences in HTTP respo...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/03/04 1:15 p.m.37 views

CVE-2026-3103 Deletion of passwords via RestApi

A logic error in the removepassword function in Checkmk GmbH's Checkmk versions 2.4.0p23, 2.3.0p43, and 2.2.0 EOL allows a low-privileged user to cause data loss...

5.3CVSS0.00173EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/03/04 1:15 p.m.3 views

CVE-2026-3103 Deletion of passwords via RestApi

A logic error in the removepassword function in Checkmk GmbH's Checkmk versions 2.4.0p23, 2.3.0p43, and 2.2.0 EOL allows a low-privileged user to cause data loss...

5.3CVSS5.9AI score0.00173EPSS
Exploits0References1
cve
cve
added 2026/02/26 10:26 a.m.34 views

CVE-2025-64999

The CVE-2025-64999 entry concerns Checkmk products: affected versions are 2.4.0 prior to 2.4.0p22 and 2.3.0 prior to 2.3.0p43. The root cause is improper neutralization of input in Synthetic Monitoring HTML logs, enabling an attacker who can influence a host’s check output to inject JavaScript in...

7.3CVSS5.4AI score0.00141EPSS
Exploits1References2Affected Software1
redhatcve
redhatcve
added 2025/12/19 2:9 p.m.8 views

CVE-2025-65000

SSH private keys of the "Remote alert handlers Linux" rule were exposed in the rule page's HTML source in Checkmk = 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed...

5.3CVSS6.8AI score0.00182EPSS
Exploits0References1
nvd
nvd
added 2025/12/18 2:15 p.m.11 views

CVE-2025-65000

SSH private keys of the "Remote alert handlers Linux" rule were exposed in the rule page's HTML source in Checkmk = 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed...

5.3CVSS0.00182EPSS
Exploits0References1
Rows per page
Query Builder