Lucene search
K

6 matches found

CVE
CVE
added 2025/11/03 9:53 p.m.13 views

CVE-2024-13998

CVE-2024-13998 affects Nagios XI prior to 2024R1.1.3. The vulnerability leads to authenticated users improperly gaining access to sensitive data (API keys and password hashes) that should be restricted, potentially enabling account compromise or API privilege abuse. The underlying issue is disclo...

6.5CVSS6AI score0.01187EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.7 views

PT-2025-44800

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R1.1.3 Description Nagios XI versions prior to 2024R1.1.3 have a flaw that allows an authenticated administrator to gain root privileges on the host system. This is achieved by exploiting the Migrate Server...

9.4CVSS7AI score0.01103EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.8 views

PT-2025-44801

Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information including API keys and hashed passwords to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse ...

8.8CVSS6.3AI score0.01187EPSS
Exploits0References5
OSV
OSV
added 2025/10/30 10:15 p.m.2 views

CVE-2024-14001

Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting XSS via the Executive Summary Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.4CVSS5.9AI score0.00535EPSS
Exploits0References3
CVE
CVE
added 2025/10/30 9:52 p.m.15 views

CVE-2024-14001

Nagios XI prior to 2024R1.1.3 is vulnerable to cross-site scripting (XSS) via the Executive Summary Report component. The root cause is insufficient validation or escaping of user-supplied input in that component, allowing an attacker to inject and execute arbitrary script in a victim’s browser. ...

5.4CVSS5.8AI score0.00535EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/10/30 9:44 p.m.15 views

CVE-2024-13996 Nagios XI < 2024R1.1.3 Session Not Invalidated After Password Change

Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, any pre-existing sessions including those potentially controlled by an attacker remained valid after a credential update. This insufficient session...

9.2CVSS0.00964EPSS
Exploits0References3
Rows per page
Query Builder