Filtered by vendor Checkmk
Subscribe
Total
108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-33456 | 1 Checkmk | 1 Checkmk | 2026-04-20 | N/A | 7.6 HIGH |
| Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description. | |||||
| CVE-2026-33457 | 1 Checkmk | 1 Checkmk | 2026-04-20 | N/A | 6.3 MEDIUM |
| Livestatus injection in the prediction graph page in Checkmk <2.5.0b4, <2.4.0p26, and <2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name parameter due to insufficient sanitization of the service description value. | |||||
| CVE-2025-39666 | 1 Checkmk | 1 Checkmk | 2026-04-14 | N/A | 7.3 HIGH |
| Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0b3 allows a site user to escalate their privileges to root, by manipulating files in the site context that are processed when the `omd` administrative command is run by root. | |||||
| CVE-2026-24096 | 1 Checkmk | 1 Checkmk | 2026-04-07 | N/A | 8.8 HIGH |
| Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information | |||||
| CVE-2026-20915 | 1 Checkmk | 1 Checkmk | 2026-04-02 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar. | |||||
| CVE-2026-33276 | 1 Checkmk | 1 Checkmk | 2026-04-02 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) in Checkmk 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature. | |||||
| CVE-2026-24097 | 1 Checkmk | 1 Checkmk | 2026-03-18 | N/A | 4.3 MEDIUM |
| Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows authenticated users to enumerate existing hosts by observing different HTTP response codes in agent-receiver/register_existing endpoint, which could lead to information disclosure. | |||||
| CVE-2026-2859 | 1 Checkmk | 1 Checkmk | 2026-03-18 | N/A | 4.3 MEDIUM |
| Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deploy_agent endpoint, which could lead to information disclosure. | |||||