CVE-2025-28059
- EPSS 0.18%
- Published 18.04.2025 00:00:00
- Last modified 11.07.2025 13:33:38
An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend f...
CVE-2025-28131
- EPSS 0.04%
- Published 01.04.2025 17:15:46
- Last modified 11.07.2025 13:39:20
A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due...
CVE-2025-28132
- EPSS 0.04%
- Published 01.04.2025 17:15:46
- Last modified 18.06.2025 13:59:16
A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs due to insufficient session expiration, where sess...
CVE-2021-28924
- EPSS 66.18%
- Published 08.04.2021 13:15:14
- Last modified 21.11.2024 06:00:23
Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page.
CVE-2021-28925
- EPSS 74.24%
- Published 08.04.2021 13:15:14
- Last modified 21.11.2024 06:00:24
SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/.