VYPR

XI

by Nagios

CVEs (129)

  • CVE-2025-34287 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.00

    Nagios XI versions prior to 2024R2 contain an improperly owned script, process_perfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents,…

  • CVE-2025-34135 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.00

    Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit files can broaden…

  • CVE-2021-47700 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.00

    Nagios XI versions prior to 5.8.7 used a temporary directory for Highcharts exports with overly permissive ownership/permissions under the Apache user. Local or co-hosted processes could read/overwrite export artifacts or manipulate paths, risking disclosure or tampering and…

  • CVE-2024-14006 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.00

    Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The application trusts the user-supplied HTTP Host header when constructing absolute URLs without sufficient validation. An unauthenticated, remote attacker can supply a crafted Host header to…

  • CVE-2018-25122 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.02

    Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an…

  • CVE-2024-14005 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.04

    Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command…

  • CVE-2020-36867 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.03

    Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficiently validated or…

  • CVE-2021-47689 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.00

    The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.0 / Nagios XI 5.8.0 contains a cross-site scripting (XSS) vulnerability in the Templates pages, specifically in the UI logic that renders and handles the Active/Actions buttons. Insufficient validation or…

  • CVE-2021-47691 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.00

    The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting (XSS) vulnerabilities via the Services page affecting the config_name and service_description fields. Insufficient validation or escaping of…

  • CVE-2022-50584 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.00

    The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.6 / Nagios XI 5.8.8 contains a cross-site scripting (XSS) vulnerability via the search and deletion interfaces. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and…

  • CVE-2020-36861 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.00

    The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting (XSS) vulnerabilities in the overlay UI elements and the Notification/Check Period pages. Insufficient validation or escaping of user-supplied input…

  • CVE-2021-47690 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.00

    The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting (XSS) vulnerabilities in Overlay modals. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute…

  • CVE-2020-36860 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.00

    The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting (XSS) vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute…

  • CVE-2022-50585 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.00

    The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting (XSS) vulnerability via the Audit Log page search input. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and…

  • CVE-2020-36859 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.01

    The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing…

  • CVE-2021-47693 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.01

    The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing…

  • CVE-2021-47694 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.00

    The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.4 / Nagios XI 5.8.6 contains a reflected cross-site scripting (XSS) vulnerability via the Test Command functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject…

  • CVE-2013-10073 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.04

    Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate sanitation or argument quoting, allowing an authenticated user with access to discovery functionality to…

  • CVE-2013-10072 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.01

    Nagios XI versions prior to 2012R1.6 contain an authorization flaw in the Auto-Discovery functionality. Users with read-only roles could directly reach Auto-Discovery endpoints and pages that should require elevated permissions, exposing discovery results and allowing…

  • CVE-2020-36857 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.02

    Nagios XI versions prior to 5.6.14 contain a post-authentication SQL injection vulnerability in the SNMP Trap Interface page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply…
