1633 matches found

Nuclei
added yesterday, 41 views

Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php. This in turn can lead ...

CVSS: 9 | AI score: 7.5 | EPSS: 0.71737
Exploits: 7 | References: 5

OSV
added 2026/06/12 3:27 p.m., 6 views

MAL-2026-5698 Malicious code in nagios-xi (PyPI)

Source: amazon-inspector c11c80cc2d314460d61a649c84fd75881388470382be8183b77b362e562a5c7f. On import nagiosxi, the package's __init__.py (lines 5-8) invokes socket.gethostbyname("atlass-check.autaeqjhfowvnnmkwhxjtq8x39d8nder1.oast.fun") inside a...

AI score: 6.1
Exploits: 0 | References: 2

GithubExploit
added 2026/03/17 9:24 p.m., 140 views

Exploit for OS Command Injection in Nagios Nagios_Xi

Nagios-CVE-2019-15949-RCE-Poc: a Python PoC for the CVE-2019-15...

CVSS: 9 | AI score: 5.8 | EPSS: 0.77741
Exploits: 13

Tenable Nessus
added 2026/02/18 12:00 a.m., 10 views

Nagios XI < 2026R1.0.1 Multiple Vulnerabilities

According to the self-reported version of Nagios XI, the remote host is affected by multiple vulnerabilities, including the following: - This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this...

CVSS: 8.8 | AI score: 7.6 | EPSS: 0.74605
Exploits: 0 | References: 7

RedhatCVE
added 2026/01/09 12:31 p.m., 7 views

CVE-2023-40934

A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings...

CVSS: 7.2 | AI score: 8.5 | EPSS: 0.06058
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:30 p.m., 5 views

CVE-2023-40932

A cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary JavaScript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means t...

CVSS: 5.4 | AI score: 6 | EPSS: 0.01984
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:29 p.m., 6 views

CVE-2023-40933

A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the updatebannermessage function...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.05335
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 11:26 a.m., 10 views

CVE-2021-33177

The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary SQL queries...

CVSS: 8.8 | AI score: 8 | EPSS: 0.09817
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 11:26 a.m., 9 views

CVE-2021-33179

The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, would unknowingly execute the attached payload...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.04289
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:56 a.m., 16 views

CVE-2022-38254

Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.01717
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:28 a.m., 15 views

CVE-2019-12279

Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The vendor disputes this issue as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.0422
Exploits: 5 | References: 1

RedhatCVE
added 2025/12/30 1:02 a.m., 13 views

CVE-2025-67254

NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.01718
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/30 1:02 a.m., 6 views

CVE-2025-67255

In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.00929
Exploits: 0 | References: 1

EUVD
added 2025/12/29 9:30 p.m., 4 views

EUVD-2025-205636

NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php...

AI score: 6.4 | EPSS: 0.01718
Exploits: 0 | References: 3

EUVD
added 2025/12/29 9:30 p.m., 5 views

EUVD-2025-205635

In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability...

AI score: 7.2 | EPSS: 0.00929
Exploits: 0 | References: 3

OSV
added 2025/12/29 7:15 p.m., 5 views

CVE-2025-67255

In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability...

CVSS: 8.8 | AI score: 5.9
Exploits: 0 | References: 2

NVD
added 2025/12/29 7:15 p.m., 6 views

CVE-2025-67255

In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability...

CVSS: 8.8 | EPSS: 0.00929
Exploits: 0 | References: 2

Cvelist
added 2025/12/29 12:00 a.m., 20 views

CVE-2025-67254

NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php...

EPSS: 0.01718
Exploits: 0 | References: 2

CVE
added 2025/12/29 12:00 a.m., 15 views

CVE-2025-67255

CVE-2025-67255 affects NagiosXI 2026R1.0.1 build 1762361101. The issue is due to dashboard parameters not being properly filtered, enabling an SQL Injection by any authenticated user. The CVSSv3.1 base score is 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, PRIVILEGES REQUIRED: LOW...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.00929
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2025/12/29 12:00 a.m., 3 views

Nagios XI Security Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI version 2026R1.0.1, which stems from a directory traversal in...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.01718
Exploits: 0 | References: 2