Checkmk — Vulnerabilities & Security Advisories 91

All 91 CVE vulnerabilities found in Checkmk, with AI-generated Chinese analysis, references, and POCs.

Vendor: Tribe29

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-2596 | Session logout can be overwritten by long lasting request | CWE-613 | 7.1 AI | High AI | 2025-03-26 |
| CVE-2025-1075 | LDAP credentials logged to Apache error log | CWE-532 | 4.9 | - | 2025-02-19 |
| CVE-2024-38864 | User-Readable Private Key in Windows Agent | CWE-732 | 5.5 | - | 2024-12-19 |
| CVE-2024-47094 | Logging of sitesecret to automations log | CWE-532 | 7.5 | - | 2024-11-29 |
| CVE-2024-38863 | CSRF token leaked in URL parameters | CWE-598 | 6.5 AI | Medium AI | 2024-10-14 |
| CVE-2024-38862 | SNMP and IMPI secrets written to audit log | CWE-532 | 4.9 AI | Medium AI | 2024-10-14 |
| CVE-2024-6747 | Information leak in mknotifyd | CWE-201 | 5.3 | Medium | 2024-10-10 |
| CVE-2024-8606 | Fix 2FA bypass via RestAPI | CWE-863 | 6.5 AI | Medium AI | 2024-09-23 |
| CVE-2024-38860 | Reflected links in error message facilitate phishing attacks | CWE-79 | 6.1 | - | 2024-09-17 |
| CVE-2024-6572 | Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' | CWE-322 | 5.9 AI | Medium AI | 2024-09-09 |
| CVE-2024-38858 | Cross-site scripting in Robotmk logs view | CWE-79 | 9.0 AI | Critical AI | 2024-09-02 |
| CVE-2024-38859 | XSS in view page with SLA column | CWE-80 | 5.4 AI | Medium AI | 2024-08-26 |
| CVE-2024-28829 | Privilege escalation in mk_informix plugin | CWE-272 | 7.8 AI | High AI | 2024-08-20 |
| CVE-2024-6542 | Livestatus injection in mknotifyd | CWE-140 | 6.5 | Medium | 2024-07-22 |
| CVE-2024-28828 | 1-Click compromize via CSRF | CWE-352 | 8.8 | High | 2024-07-10 |
| CVE-2024-28827 | Privilege escalation in Windows agent | CWE-732 | 8.8 | High | 2024-07-10 |
| CVE-2024-6163 | local IP restriction of internal HTTP endpoints | CWE-290 | 5.3 | Medium | 2024-07-08 |
| CVE-2024-6052 | XSS in SQL check parameters | CWE-80 | 6.5 | Medium | 2024-07-03 |
| CVE-2024-38857 | Reflected links in visuals facilitate phishing attacks | CWE-79 | 4.3 | Medium | 2024-07-02 |
| CVE-2024-28830 | Automation user secrets written to audit log | CWE-532 | 2.7 | Low | 2024-06-26 |
| CVE-2024-28832 | XSS in Crash Report Page | CWE-80 | 4.8 | Medium | 2024-06-25 |
| CVE-2024-28831 | XSS in confirmation pop-up | CWE-80 | 5.4 | Medium | 2024-06-25 |
| CVE-2024-5741 | XSS in inventory view | CWE-80 | 6.5 | Medium | 2024-06-17 |
| CVE-2024-28833 | Missing brute-force protection for two factor authentication | CWE-307 | 5.9 | Medium | 2024-06-10 |
| CVE-2024-28826 | Unrestricted upload and download paths in check_sftp | CWE-73 | 8.8 | High | 2024-05-29 |
| CVE-2024-28825 | Brute-force protection ineffective for some login methods | CWE-307 | 5.9 | Medium | 2024-04-24 |
| CVE-2024-3367 | Argument injection to runmqsc | CWE-88 | 6.5 | Medium | 2024-04-16 |
| CVE-2024-2380 | XSS in graph rendering | CWE-80 | 4.6 | Medium | 2024-04-05 |
| CVE-2024-28824 | Privilege escalation in mk_informix plugin | CWE-272 | 8.8 | High | 2024-03-22 |
| CVE-2024-1742 | Information disclosure in mk_oracle Checkmk agent plugin | CWE-214 | 3.8 | Low | 2024-03-22 |

All 91 known CVE vulnerabilities affecting Checkmk with full Chinese analysis, references, and POCs where available.