Lucene search
K

3613 matches found

Nuclei
Nuclei
added yesterday110 views

NagiosXI <= 5.4.12 `commandline.php` SQL injection

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. id: CVE-2018-10735 info: name: NagiosXI = 5.4.12 commandline.php SQL injection author: DhiyaneshDk severity: high description: | A SQL injection issue was discovered in Nagios XI before...

7.2CVSS7AI score0.42556EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday72 views

Nagios XI <5.8.5 - Open Redirect

Nagios XI through 5.8.5 contains an open redirect vulnerability in the login function. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-29272 info: name: Nagios XI 5.8.5 - Open Redirect...

6.1CVSS6.4AI score0.03862EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday60 views

NagiosXI <= 5.4.12 - SQL injection

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. id: CVE-2018-10736 info: name: NagiosXI = 5.4.12 - SQL injection author: DhiyaneshDK severity: high description: | A SQL injection issue was discovered in Nagios XI before 5.4.13 via the...

7.2CVSS7AI score0.42556EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday87 views

Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php. This in turn can lead ...

9CVSS7.2AI score0.71536EPSS
Exploits7References5
Nuclei
Nuclei
added yesterday79 views

Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php. This in turn can lead to...

9CVSS7.2AI score0.74979EPSS
Exploits5References5
Nuclei
Nuclei
added 3 days ago81 views

Nagios XI 5.7.5 - Cross-Site Scripting

Nagios XI 5.7.5 contains a cross-site scripting vulnerability in the file /usr/local/nagiosxi/html/admin/sshterm.php, due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal session cookies, or it can be chained with th...

6.1CVSS6.7AI score0.97714EPSS
Exploits3References5
OSV
OSV
added 2026/07/02 8:23 p.m.2 views

GHSA-8W6W-23MQ-H8RG Linuxfabrik Monitoring Plugins: Sudoers may be able to obtain privilege escalation via /usr/bin/apt-get arguments

Summary In the Debian.sudoers file, apt-get is allowed for the nagios user. The full command including the arguments are not enforced and can therefore be choosen arbitrarily. This allows to easily get a root shell as the nagios user: PoC By choosing a particular argument, you can get as a nagios...

8.4CVSS5.8AI score
Exploits0References2
Nuclei
Nuclei
added 2026/07/01 3:36 a.m.45 views

Nagios XI < 5.8.6 - Cross-Site Scripting

In Nagios XI before 5.8.6, XSS exists in the dashboard page /dashboards/ when administrative users attempt to edit a dashboard. id: CVE-2021-38156 info: name: Nagios XI 5.8.6 - Cross-Site Scripting author: ritikchaddha severity: medium description: | In Nagios XI before 5.8.6, XSS exists in the...

5.4CVSS6AI score0.88939EPSS
Exploits1References2
OSV
OSV
added 2026/06/12 3:27 p.m.11 views

MAL-2026-5698 Malicious code in nagios-xi (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c11c80cc2d314460d61a649c84fd75881388470382be8183b77b362e562a5c7f On import nagiosxi, the package's init.py lines 5-8 invokes socket.gethostbyname"atlass-check.autaeqjhfowvnnmkwhxjtq8x39d8nder1.oast.fun" inside a...

6.1AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.9 views

CVE-2026-24893

openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows an authenticated user with permission to add or modify hosts to execute arbitrary OS commands on th...

8.8CVSS6.4AI score0.01398EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.17 views

Debian dsa-6308 : nagios4 - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6308 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6308-1 [email protected] https://www.debian.org/security/...

5.7AI score
Exploits0References3
Cvelist
Cvelist
added 2026/04/14 8:37 p.m.23 views

CVE-2026-24893 openITCOCKPIT has Authenticated Command Injection Leading to Remote Code Execution via Host Address Macro Expansion

openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows an authenticated user with permission to add or modify hosts to execute arbitrary OS commands on th...

8.8CVSS0.01398EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/03/17 9:24 p.m.153 views

Exploit for OS Command Injection in Nagios Nagios_Xi

Nagios-CVE-2019-15949-RCE-Poc a python PoC for the CVE-2019-15...

9CVSS5.8AI score0.77741EPSS
Exploits13
RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.7 views

CVE-2026-2043

Nagios Host esensorswebsensorconfigwizardfunc Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists...

8.8CVSS6.6AI score0.74172EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.4 views

CVE-2026-2041

Nagios Host zabbixagentconfigwizardfunc Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within t...

8.8CVSS6.6AI score0.74605EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.5 views

CVE-2026-2042

Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.8CVSS6.6AI score0.05517EPSS
Exploits0References1
OSV
OSV
added 2026/02/20 11:16 p.m.4 views

CVE-2026-2043

Nagios Host esensorswebsensorconfigwizardfunc Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists...

8.8CVSS6.4AI score0.74172EPSS
Exploits0References2
OSV
OSV
added 2026/02/20 11:16 p.m.4 views

CVE-2026-2042

Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.8CVSS6.4AI score0.05517EPSS
Exploits0References2
NVD
NVD
added 2026/02/20 11:16 p.m.5 views

CVE-2026-2041

Nagios Host zabbixagentconfigwizardfunc Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within t...

8.8CVSS0.74605EPSS
Exploits0References2
NVD
NVD
added 2026/02/20 11:16 p.m.4 views

CVE-2026-2042

Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.8CVSS0.05517EPSS
Exploits0References2
Rows per page
Query Builder