VYPR

XI

by Nagios

CVEs (129)

  • CVE-2012-10063Oct 30, 2025
    risk 0.00cvss epss 0.01

    Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying crafted input to specific CCM parameters, potentially allowing access to…

  • CVE-2020-36856Oct 30, 2025
    risk 0.00cvss epss 0.02

    Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM command_test.php script. Insufficient validation of the `address` parameter allows an authenticated user with access to the Core Config Manager to inject shell…

  • CVE-2024-14002Oct 30, 2025
    risk 0.00cvss epss 0.01

    Nagios XI versions prior to 2024R1.1.4 contain a local file inclusion (LFI) vulnerability via its NagVis integration. An authenticated user can supply crafted path values that cause the server to include local files, potentially exposing sensitive information from the…

  • CVE-2025-34284Oct 30, 2025
    risk 0.00cvss epss 0.04

    Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations.…

  • CVE-2024-13995Oct 30, 2025
    risk 0.00cvss epss 0.01

    Nagios XI versions prior to 2024R1.1.2 may (confirmed in 2024R1.1 and 2024R1.1.1) disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or password hashes…

  • CVE-2025-34283Oct 30, 2025
    risk 0.00cvss epss 0.01

    Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value.

  • CVE-2024-13994Oct 30, 2025
    risk 0.00cvss epss 0.01

    Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized…

  • CVE-2024-13999Oct 30, 2025
    risk 0.00cvss epss 0.02

    Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or LDAP authentication token to an authenticated user. Exposure of the server’s AD/LDAP token could allow domain-wide authentication misuse, escalation of…

  • CVE-2025-56432Aug 26, 2025
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for…

Page 7 of 7