CVE-2025-67254
- EPSS 3.81%
- Published 29.12.2025 00:00:00
- Last modified 15.01.2026 02:13:36
NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.
CVE-2025-67255
- EPSS 0.74%
- Published 29.12.2025 00:00:00
- Last modified 15.01.2026 02:14:23
In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability.
CVE-2025-34288
- EPSS 0.14%
- Published 16.12.2025 22:17:02
- Last modified 24.12.2025 17:57:41
Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includ...
CVE-2016-15054
- EPSS 0.38%
- Published 03.11.2025 21:56:26
- Last modified 10.11.2025 18:15:34
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a downstream effect of an already identified vulnerability, CVE-2012-6708.
CVE-2021-47698
- EPSS 0.5%
- Published 03.11.2025 21:56:10
- Last modified 07.11.2025 12:55:54
Nagios XI versions prior to 5.8.7 using embedded Nagios Core are vulnerable to cross-site scripting (XSS) via the Core UI’s Views URL handling (escape_string()). Insufficient validation or escaping of user-supplied input may allow an attacker to inje...
CVE-2024-13997
- EPSS 0.15%
- Published 03.11.2025 21:55:48
- Last modified 06.11.2025 16:24:49
Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the underlying XI host. By abusing the migration workfl...
CVE-2024-13998
- EPSS 1.1%
- Published 03.11.2025 21:53:51
- Last modified 06.11.2025 16:25:49
Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or passwor...
CVE-2024-13992
- EPSS 0.74%
- Published 31.10.2025 12:35:56
- Last modified 06.11.2025 18:12:02
Nagios XI versions prior to 2024R1.1 are vulnerable to cross-site scripting (XSS) when a user visits the "missing page" (404) page after following a link from another website. The vulnerable component, page-missing.php, fails to properly validate ...
CVE-2011-10037
- EPSS 0.71%
- Published 30.10.2025 21:57:27
- Last modified 06.11.2025 17:15:41
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the handling of xiwindow variables used to build permalinks in the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker t...
CVE-2021-47697
- EPSS 0.5%
- Published 30.10.2025 21:57:03
- Last modified 05.11.2025 18:22:39
Nagios XI versions prior to 5.8.0 are vulnerable to cross-site scripting (XSS) via the Views feature URL handling. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context ...