CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/06/10 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-9549

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator...

4.8CVSS5.2AI score0.00142EPSS

Tenable Nessus•added 2026/06/10 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-7765

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message- fetching endpoints to return the dashboard creator's messag...

6.3CVSS5.5AI score0.00187EPSS

Tenable Nessus•added 2026/06/10 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-8078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stored cross-site scripting in the global settings change log in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can...

4.8CVSS5.3AI score0.00142EPSS

Tenable Nessus•added 2026/06/10 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-8833

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an...

8.5CVSS5.3AI score0.0014EPSS

RedhatCVE•added 2026/06/09 2:59 p.m.•5 views

CVE-2026-7765

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

6.3CVSS5.4AI score0.00187EPSS

4.8CVSS5.2AI score0.00142EPSS

CVE-2026-8078

Stored cross-site scripting in the global settings change log in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicious HTML or JavaScript in changelog messages that executes in other users' browsers when they view the...

4.8CVSS5.2AI score0.00142EPSS

CVE-2026-9549

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

8.5CVSS5.2AI score0.0014EPSS

CVE-2026-8833

Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validation and inject malicious URLs such as javascript: URIs, resulting in cross-site scripting when another...

8.5CVSS5.2AI score0.00136EPSS

CVE-2026-7186

Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...