20 matches found
CVE-2021-33178
The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system...
EUVD-2021-19893
Malware in sbrugna...
EUVD-2017-15450
Malware in sbrugna...
EUVD-2022-49724
Malicious code in bioql PyPI...
EUVD-2024-54988
Malicious code in bioql PyPI...
CVE-2024-38866 Livestatus Injection in dynmaps
Improper neutralization of input in NagVis before version 1.9.47 which can lead to livestatus injection...
CVE-2024-38866
CVE-2024-38866 affects NagVis prior to 1.9.47, with vulnerability described as improper neutralization of input that enables livestatus injection. The initial entry provides CVSS metrics (NVD 7.5/High; in some sources CVSS 3.1) and a Debian LTS advisory noting fixes in NagVis 1.9.25-2+deb11u2 for...
CVE-2024-38866
Improper neutralization of input in NagVis before version 1.9.47 which can lead to livestatus injection...
CVE-2022-3979
A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated...
Remote Code Execution
NagVis is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the ability of an authenticated administrator to upload a malicious PHP file and modify configuration settings, and attackers can exploit this to execute arbitrary PHP code on the server...
CVE-2022-46945
NagVis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php...
DEBIAN-CVE-2024-13722
The "NagVis" component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated users...
CVE-2024-13722
Summary: CVE-2024-13722 affects the NagVis component in Checkmk. A reflected XSS vulnerability allows an attacker to craft a malicious link that injects JavaScript into the victim’s browser, executable for both authenticated and unauthenticated users. The issue stems from reflected output of the ...
CVE-2024-13723
The CVE-2024-13723 issue affects the NagVis component bundled with Checkmk. Affected: NagVis/Checkmk prior to remediation versions. Root cause: an authenticated admin can upload a crafted map configuration (e.g., exploit.cfg) via the Map module’s import path, bypassing validation, then manipulate...
CVE-2024-13723
The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP...
Cross-Site Scripting (XSS)
NagVis is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization of input fields before rendering, and attackers can exploit this to inject and execute arbitrary JavaScript code in the context of the victim’s browser...
CVE-2024-47093
Improper neutralization of input in NagVis before version 1.9.42 which can lead to XSS...
CVE-2023-46287
XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php...
NagVis Code Issue Vulnerability
NagVis is a program from NagVis Open Source, used to visualize your chosen monitoring core data in a user-friendly way. A code issue vulnerability exists in NagVis 1.9.33 and earlier versions, which stems from an affected function checkAuthCookie in the file...