CVE-2025-34227
- EPSS 0.53%
- Published 25.09.2025 17:15:38
- Last modified 26.09.2025 14:32:19
Nagios XI < 2026R1 contains an authenticated command injection vulnerability in the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provide...
CVE-2024-13986
- EPSS 1.02%
- Published 28.08.2025 15:49:46
- Last modified 09.09.2025 18:40:57
Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path traversal in the Core Config Snapshots interface. The issue arises from insufficient validation of file paths and extensi...
CVE-2025-56432
- EPSS 0.44%
- Published 26.08.2025 00:00:00
- Last modified 09.09.2025 18:56:36
A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web comp...
CVE-2012-10029
- EPSS 64.8%
- Published 05.08.2025 20:15:33
- Last modified 06.08.2025 16:15:27
Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code e...
CVE-2024-54957
- EPSS 0.11%
- Published 27.02.2025 20:16:01
- Last modified 07.07.2025 17:49:10
Nagios XI 2024R1.2.2 is vulnerable to an open redirect flaw on the Tools page, exploitable by users with read-only permissions. This vulnerability allows an attacker to craft a malicious link that redirects users to an arbitrary external URL without ...
CVE-2024-54958
- EPSS 1.65%
- Published 20.02.2025 18:15:25
- Last modified 01.07.2025 15:02:14
Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. This flaw allows an attacker to inject malicious scripts into the Tools interface, which are then stored and executed in the context of other ...
CVE-2024-54959
- EPSS 1.65%
- Published 20.02.2025 18:15:25
- Last modified 01.07.2025 15:02:21
Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorites component, enabling POST-based Cross-Site Scripting (XSS).
CVE-2024-54960
- EPSS 1.82%
- Published 20.02.2025 18:15:25
- Last modified 07.07.2025 17:46:10
A SQL injection vulnerability in the History Tab component of Nagios XI 2024R1.2.2 allows a remote attacker to inject SQL via a crafted payload.
CVE-2024-54961
- EPSS 2.43%
- Published 20.02.2025 18:15:25
- Last modified 18.06.2025 23:39:55
Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users to access multiple pages displaying the usernames and email addresses of all current users.
CVE-2024-42898
- EPSS 4.26%
- Published 09.01.2025 20:15:38
- Last modified 24.06.2025 14:27:00
A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page.