Filtered by vendor Nagios
Subscriptions
Filtered by product Xi
Subscriptions
Total
84 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-34227 | 1 Nagios | 2 Nagios Xi, Xi | 2025-10-14 | 8.8 High |
| Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provided to the service and execute arbitrary system commands on the underlying host as the `nagios` user. | ||||
| CVE-2025-56432 | 1 Nagios | 3 Nagios, Nagios Xi, Xi | 2025-09-09 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-related data. | ||||
| CVE-2012-10029 | 1 Nagios | 3 Nagios, Nagios Xi, Xi | 2025-08-06 | N/A |
| Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execution. | ||||
| CVE-2023-48082 | 1 Nagios | 2 Nagios Xi, Xi | 2025-07-10 | 9.1 Critical |
| Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate. | ||||