CVE-2025-12418

Potential Denial of Service issue in all supported versions of Revenera InstallShield version 2025 R1, 2024 R2, 2023 R2, and prior. When e.g., a local administrator performs an uninstall, a symlink may get followed on removal of a user writeable configuration directory and induce a Denial of...

CVE-2025-12418 Potential Denial of Service in Supported Versions of Revenera InstallShield

Potential Denial of Service issue in all supported versions of Revenera InstallShield version 2025 R1, 2024 R2, 2023 R2, and prior. When e.g., a local administrator performs an uninstall, a symlink may get followed on removal of a user writeable configuration directory and induce a Denial of...

CVE-2025-34284

Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful exploitatio...

CVE-2025-34284

Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful exploitatio...

CVE-2025-34284 Nagios XI < 2024R2 Authenticated Command Injection via WinRM Plugin

Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful exploitatio...

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI versions prior to 2024R2 that stems from the WinRM plug-in not...

PT-2025-44524

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R2 Description Nagios XI versions prior to 2024R2 contain an improperly owned script, process perfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable b...

EUVD-2025-36198

Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack...

EUVD-2025-36197

A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication via a bruteforce attack...

CVE-2025-60425

Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack...

CVE-2025-60425

Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack...

Nagios Fusion 安全漏洞

Nagios Fusion is a centralized monitoring and visualization platform from the US-based Nagios, Inc. A security vulnerability exists in Nagios Fusion versions v2024R1.2 and v2024R2 that stems from failure to invalidate an existing session token when enabling two-factor authentication, which could...

CVE-2025-60424

A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication via a bruteforce attack...

CVE-2025-60425

CVE-2025-60425 affects Nagios Fusion v2024R1.2 and v2024R2. The root cause is failure to invalidate existing session tokens when two-factor authentication is enabled, enabling session hijacking attacks. The CVSSv3.1 base score is 8.6 (HIGH) with network attack vector, no user interaction, and no ...

CVE-2025-60424

CVE-2025-60424 affects Nagios Fusion versions 2024R1.2 and 2024R2. The root cause is a lack of rate limiting in the OTP verification component, which allows authentication bypass via brute-force attempts. Affected product: Nagios Fusion; the issue is documented across multiple sources (Red Hat CG...

PT-2025-43978

Name of the Vulnerable Software and Affected Versions Nagios Fusion versions 2024R1.2 and 2024R2 Description Nagios Fusion versions 2024R1.2 and 2024R2 do not invalidate existing session tokens when two-factor authentication is enabled. This allows an attacker to potentially hijack active session...

EUVD-2025-28614

Malicious code in bioql PyPI...

CVE-2025-56432

A cross-site scripting XSS vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-relat...

PT-2025-34786 · Nagios Enterprises · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI version 2024R2 Description: A cross-site scripting XSS vulnerability exists that allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in ...

CVE-2025-56432

CVE-2025-56432 affects Nagios XI 2024R2. A cross-site scripting (XSS) vulnerability exists in a web component that renders performance-related data, allowing remote attackers to run arbitrary JavaScript in the context of a logged-in user via a specially crafted URL. The PT-2025-34786 entry confir...