16 matches found
UBUNTU-CVE-2025-39666
Local privilege escalation in Checkmk 2.2.0 EOL, Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 beta before 2.5.0b3 allows a site user to escalate their privileges to root, by manipulating files in the site context that are processed when the omd administrative...
EUVD-2025-16119
Malicious code in bioql PyPI...
EUVD-2024-25912
Malicious code in bioql PyPI...
EUVD-2023-26511
Malicious code in bioql PyPI...
EUVD-2024-31956
Malicious code in bioql PyPI...
EUVD-2023-35522
Malicious code in bioql PyPI...
CVE-2025-32915
CVE-2025-32915 affects Checkmk: packages downloaded by the automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and
CVE-2025-3506
Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and Checkmk 2.4.0b6, which allows an attacker to access files that could contain secrets...
CVE-2025-2092
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p29, 2.2.0p41 and =2.1.0p49 EOL causes remote site authentication secrets to be written to log files accessible to administrators...
CVE-2024-13723
The CVE-2024-13723 issue affects the NagVis component bundled with Checkmk. Affected: NagVis/Checkmk prior to remediation versions. Root cause: an authenticated admin can upload a crafted map configuration (e.g., exploit.cfg) via the Map module’s import path, bypassing validation, then manipulate...
CVE-2024-13723
The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP...
CVE-2024-8606
CVE-2024-8606 affects Checkmk, where the RestAPI allows bypassing two-factor authentication in affected versions (Checkmk before 2.3.0p16 and before 2.2.0p34) when accessed by authenticated users. The root cause is a 2FA bypass within the RestAPI. Documented impact is high/critical across confide...
CVE-2024-6542
CVE-2024-6542 affects Checkmk mknotifyd. The vulnerability arises from improper neutralization of command delimiters, enabling arbitrary command execution. Affected versions: Checkmk <= 2.0.0p39, and < 2.1.0p47, < 2.2.0p32,
CVE-2023-6157
CVE-2023-6157 affects Checkmk and is due to improper neutralization of livestatus command delimiters in the ajax_search function. Affected versions include Checkmk <= 2.0.0p39, < 2.1.0p37, and
CVE-2021-40905
The web management console of CheckMK Enterprise Edition versions 1.5.0 to 2.0.0p9 does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with...
CVE-2021-36563
The CheckMK management web console versions 1.5.0 to 2.0.0 does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content interpreted by the browser, such as JavaScript or other client-side scripts, the XSS...