Export limit exceeded: 346939 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346939 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (244 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25297 | 1 Nagios | 1 Nagios Xi | 2025-11-03 | 8.8 High |
| Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. | ||||
| CVE-2021-25298 | 1 Nagios | 1 Nagios Xi | 2025-11-03 | 8.8 High |
| Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. | ||||
| CVE-2025-56432 | 1 Nagios | 3 Nagios, Nagios Xi, Xi | 2025-09-09 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-related data. | ||||
| CVE-2023-48082 | 1 Nagios | 2 Nagios Xi, Xi | 2025-07-10 | 9.1 Critical |
| Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate. | ||||
| CVE-2024-54957 | 1 Nagios | 1 Nagios Xi | 2025-07-07 | 6.1 Medium |
| Nagios XI 2024R1.2.2 is vulnerable to an open redirect flaw on the Tools page, exploitable by users with read-only permissions. This vulnerability allows an attacker to craft a malicious link that redirects users to an arbitrary external URL without their consent. | ||||
| CVE-2024-54960 | 1 Nagios | 1 Nagios Xi | 2025-07-07 | 6.5 Medium |
| A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL injection via a crafted payload in the History Tab component. | ||||
| CVE-2024-54959 | 1 Nagios | 1 Nagios Xi | 2025-07-01 | 6.1 Medium |
| Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorites component, enabling POST-based Cross-Site Scripting (XSS). | ||||
| CVE-2024-54958 | 1 Nagios | 1 Nagios Xi | 2025-07-01 | 6.1 Medium |
| Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. This flaw allows an attacker to inject malicious scripts into the Tools interface, which are then stored and executed in the context of other users accessing the page. | ||||
| CVE-2024-33775 | 1 Nagios | 1 Nagios Xi | 2025-06-30 | 9.8 Critical |
| An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet. | ||||
| CVE-2024-24401 | 1 Nagios | 1 Nagios Xi | 2025-06-27 | 9.8 Critical |
| SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component. | ||||
| CVE-2024-42898 | 1 Nagios | 1 Nagios Xi | 2025-06-24 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page. | ||||
| CVE-2024-54961 | 1 Nagios | 1 Nagios Xi | 2025-06-18 | 6.5 Medium |
| Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users to access multiple pages displaying the usernames and email addresses of all current users. | ||||
| CVE-2025-28132 | 1 Nagios | 1 Nagios Network Analyzer | 2025-06-18 | 4.6 Medium |
| A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs due to insufficient session expiration, where session tokens remain valid beyond logout, allowing an attacker to impersonate users and perform actions on their behalf. | ||||
| CVE-2021-43584 | 1 Nagios | 1 Nagios Cross Platform Agent | 2025-06-16 | 4.8 Medium |
| DOM-based Cross Site Scripting (XSS vulnerability in 'Tail Event Logs' functionality in Nagios Nagios Cross-Platform Agent (NCPA) before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log. | ||||
| CVE-2023-51072 | 1 Nagios | 1 Nagios Xi | 2025-06-16 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated user to execute arbitrary JavaScript code on behalf of other users, including the administrators. | ||||
| CVE-2023-48085 | 1 Nagios | 1 Nagios Xi | 2025-05-22 | 9.8 Critical |
| Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php. | ||||
| CVE-2016-10089 | 1 Nagios | 1 Nagios | 2025-04-20 | N/A |
| Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. | ||||
| CVE-2016-0726 | 1 Nagios | 1 Nagios | 2025-04-20 | N/A |
| The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. | ||||
| CVE-2008-7313 | 3 Nagios, Redhat, Snoopy | 3 Nagios, Openstack, Snoopy | 2025-04-20 | N/A |
| The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796. | ||||
| CVE-2016-6209 | 1 Nagios | 1 Nagios | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Nagios. | ||||