17 matches found

NCSC
added 2025/11/03 8:27 a.m. | 5 views

Vulnerabilities fixed in Nagios XI

Nagios has fixed vulnerabilities in Nagios XI Versions before 2024R1.4.2 and 2024R2. The vulnerabilities include a remote code execution vulnerability within the Business Process Intelligence component, insufficient permissions on systemd unit files, unauthorized access to API keys, a command...

CVSS 9.4 | AI score 8.9 | EPSS 0.01622
Exploits: 0 | References: 1
EUVD
added 2025/10/31 12:30 a.m. | 1 views

EUVD-2025-37210

Nagios XI versions prior to 2024R1.4.2 contain a remote code execution vulnerability in the Business Process Intelligence (BPI) component. Insufficient validation and sanitization of administrator-controlled BPI configuration parameters (notably bpi_logfile and bpi_configfile) allow an authenticated...

CVSS 9.4 | AI score 7.8 | EPSS 0.00993
Exploits: 0 | References: 4
EUVD
added 2025/10/31 12:30 a.m. | 4 views

EUVD-2020-30806

Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the BPI (Business Process Intelligence) component’s Config Management and Edit Config page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...

CVSS 5.1 | AI score 5.7 | EPSS 0.00501
Exploits: 0 | References: 3
OSV
added 2025/10/30 10:15 p.m. | 0 views

CVE-2025-34134

Nagios XI versions prior to 2024R1.4.2 contain a remote code execution vulnerability in the Business Process Intelligence (BPI) component. Insufficient validation and sanitization of administrator-controlled BPI configuration parameters (notably bpi_logfile and bpi_configfile) allow an authenticated...

CVSS 7.2 | AI score 6.5
Exploits: 0 | References: 3
NVD
added 2025/10/30 10:15 p.m. | 2 views

CVE-2025-34134

Nagios XI versions prior to 2024R1.4.2 contain a remote code execution vulnerability in the Business Process Intelligence (BPI) component. Insufficient validation and sanitization of administrator-controlled BPI configuration parameters (notably bpi_logfile and bpi_configfile) allow an authenticated...

CVSS 9.4 | EPSS 0.00993
Exploits: 0 | References: 3
OSV
added 2025/10/30 10:15 p.m. | 0 views

CVE-2020-36865

Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the BPI (Business Process Intelligence) component’s Config Management and Edit Config page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...

CVSS 5.4 | AI score 5.9
Exploits: 0 | References: 2
Cvelist
added 2025/10/30 9:50 p.m. | 5 views

CVE-2020-36865 Nagios XI < 5.7.2 XSS via BPI Config Management

Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the BPI (Business Process Intelligence) component’s Config Management and Edit Config page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...

CVSS 5.1 | EPSS 0.00501
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/30 9:50 p.m. | 1 views

CVE-2020-36865 Nagios XI < 5.7.2 XSS via BPI Config Management

Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the BPI (Business Process Intelligence) component’s Config Management and Edit Config page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...

CVSS 5.1 | AI score 5.8 | EPSS 0.00501
Exploits: 0 | References: 2
CVE
added 2025/10/30 9:50 p.m. | 5 views

CVE-2020-36865

Nagios XI

CVSS 5.4 | AI score 5.8 | EPSS 0.00501
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2025/10/30 9:41 p.m. | 3 views

CVE-2025-34134 Nagios XI < 2024R1.4.2 RCE via Business Process Intelligence (BPI)

Nagios XI versions prior to 2024R1.4.2 contain a remote code execution vulnerability in the Business Process Intelligence (BPI) component. Insufficient validation and sanitization of administrator-controlled BPI configuration parameters (notably bpi_logfile and bpi_configfile) allow an authenticated...

CVSS 9.4 | EPSS 0.00993
Exploits: 0 | References: 3
Vulnrichment
added 2025/10/30 9:41 p.m. | 1 views

CVE-2025-34134 Nagios XI < 2024R1.4.2 RCE via Business Process Intelligence (BPI)

Nagios XI versions prior to 2024R1.4.2 contain a remote code execution vulnerability in the Business Process Intelligence (BPI) component. Insufficient validation and sanitization of administrator-controlled BPI configuration parameters (notably bpi_logfile and bpi_configfile) allow an authenticated...

CVSS 9.4 | AI score 8 | EPSS 0.00993
Exploits: 0 | References: 3
CVE
added 2025/10/30 9:41 p.m. | 8 views

CVE-2025-34134

CVE-2025-34134 – Nagios XI BPI RCE in pre-2024R1.4.2. An authenticated administrator can abuse insufficient validation/sanitization of BPI configuration parameters (notably bpi_logfile and bpi_configfile) to create/overwrite files in the webroot and edit them via the BPI editor. If such files ha...

CVSS 9.4 | AI score 8 | EPSS 0.00993
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2025/10/30 12:0 a.m. | 2 views

PT-2025-44548

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.7.2. Description: Nagios XI versions prior to 5.7.2 are susceptible to cross-site scripting (XSS) through the Business Process Intelligence (BPI) component’s Config Management and Edit Config page. Insufficient validati...

CVSS 5.4 | AI score 5.9 | EPSS 0.00501
Exploits: 0 | References: 4
Packet Storm
added 2021/01/21 12:0 a.m. | 248 views

Nagios XI 5.7.5 Cross Site Scripting

Exploit Title: Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting Date: 1-20-2021 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Vendor Changelog: https://www.nagios.com/downloads/nagios-xi/change-log/ Software Link:...

Exploits: 0
Exploit DB
added 2021/01/21 12:0 a.m. | 343 views

Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting

Exploit Title: Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting Date: 1-20-2021 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Vendor Changelog: https://www.nagios.com/downloads/nagios-xi/change-log/ Software Link:...

AI score 7.4
Exploits: 0
NVD
added 2018/02/06 4:29 p.m. | 12 views

CVE-2015-3618

Cross-site scripting (XSS) vulnerability in Nagios Business Process Intelligence (BPI) before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving index.php...

CVSS 6.1 | AI score 6 | EPSS 0.0283
Exploits: 0 | References: 2
CNVD
added 2015/05/07 12:0 a.m. | 2 views

Unspecified cross-site scripting vulnerability in Nagios Business Process Intelligence (BPI) index.php

Nagios is a free open source network monitoring tool that can effectively monitor Windows, Linux and Unix host status, switches, routers and other network settings, printers and so on. Nagios Business Process Intelligence index.php contains a cross-site scripting vulnerability, allowing remote attackers to...

CVSS 6.1 | AI score 6.2 | EPSS 0.0283
Exploits: 0 | References: 1