Nagios

Nagios Xi

195 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2026-2041

  • EPSS 1.44%
  • Veröffentlicht 20.02.2026 22:22:18
  • Zuletzt bearbeitet 24.02.2026 13:18:09

Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this...

8.8

CVE-2026-2043

  • EPSS 1.07%
  • Veröffentlicht 20.02.2026 22:22:06
  • Zuletzt bearbeitet 24.02.2026 13:16:42

Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to explo...

8.8

CVE-2026-2042

  • EPSS 1.44%
  • Veröffentlicht 20.02.2026 22:21:44
  • Zuletzt bearbeitet 24.02.2026 13:17:25

Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerabilit...

7.5

CVE-2025-67254

  • EPSS 4.6%
  • Veröffentlicht 29.12.2025 00:00:00
  • Zuletzt bearbeitet 15.01.2026 02:13:36

NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.

8.8

CVE-2025-67255

  • EPSS 0.85%
  • Veröffentlicht 29.12.2025 00:00:00
  • Zuletzt bearbeitet 15.01.2026 02:14:23

In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability.

6.7

CVE-2025-34288

Medienbericht
  • EPSS 0.15%
  • Veröffentlicht 16.12.2025 22:17:02
  • Zuletzt bearbeitet 24.12.2025 17:57:41

Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includ...

6.1

CVE-2016-15054

  • EPSS 0.38%
  • Veröffentlicht 03.11.2025 21:56:26
  • Zuletzt bearbeitet 10.11.2025 18:15:34

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a downstream effect of an already identified vulnerability, CVE-2012-6708.

5.4

CVE-2021-47698

  • EPSS 0.68%
  • Veröffentlicht 03.11.2025 21:56:10
  • Zuletzt bearbeitet 07.11.2025 12:55:54

Nagios XI versions prior to 5.8.7 using embedded Nagios Core are vulnerable to cross-site scripting (XSS) via the Core UI’s Views URL handling (escape_string()). Insufficient validation or escaping of user-supplied input may allow an attacker to inje...

7.2

CVE-2024-13997

  • EPSS 0.2%
  • Veröffentlicht 03.11.2025 21:55:48
  • Zuletzt bearbeitet 06.11.2025 16:24:49

Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the underlying XI host. By abusing the migration workfl...

6.5

CVE-2024-13998

  • EPSS 1.34%
  • Veröffentlicht 03.11.2025 21:53:51
  • Zuletzt bearbeitet 06.11.2025 16:25:49

Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or passwor...