EUVD-2025-205636

NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php...

org.apache.causeway.core:causeway-core-config (=4.0.0-M1), org.apache.causeway.core:causeway-core-interaction (=4.0.0-M1) +105 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-applib (=4.0.0-M1)

org.apache.causeway.core:causeway-applib MAVEN version =4.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-applib and may be impacted: - org.apache.causeway.core:causeway-core-config =4.0.0-M1 -...

dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:flow-module (=3.4.0) +135 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-core-config (>=2.0.0-RC1 <=3.4.0)

org.apache.causeway.core:causeway-core-config MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-core-config and may be impacted: - dev.savantly.nexus:agents-module =3.4.0 -...

Vulnerabilities fixed in Nagios XI

Nagios has fixed vulnerabilities in Nagios XI Versions before 2024R1.4.2 and 2024R2. The vulnerabilities include a remote code execution vulnerability within the Business Process Intelligence component, insufficient permissions on systemd unit files, unauthorized access to API keys, a command...

CVE-2021-47694

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.4 / Nagios XI 5.8.6 contains a reflected cross-site scripting XSS vulnerability via the Test Command functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary...

CVE-2021-47690

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities in Overlay modals. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the conte...

CVE-2021-47689

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.0 / Nagios XI 5.8.0 contais a cross-site scripting XSS vulnerability in the Templates pages, specifically in the UI logic that renders and handles the Active/Actions buttons. Insufficient validation or escaping of user-supplied...

CVE-2021-47691

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities via the Services page affecting the configname and servicedescription fields. Insufficient validation or escaping of user-supplied input may allow an...

CVE-2022-50584

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.6 / Nagios XI 5.8.8 contains a cross-site scripting XSS vulnerability via the search and deletion interfaces. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script ...

CVE-2020-36860

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...

CVE-2022-50585

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting XSS vulnerability via the Audit Log page search input. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in...

CVE-2020-36861

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting XSS vulnerabilities in the overlay UI elements and the Notification/Check Period pages. Insufficient validation or escaping of user-supplied input may allow an attacker to...

CVE-2021-47693

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to inject...

CVE-2025-34286

Nagios XI versions prior to 2026R1 contain a remote code execution vulnerability in the Core Config Manager CCM Run Check command. Insufficient validation/escaping of parameters used to build backend command lines allows an authenticated administrator to inject shell metacharacters that are...

CVE-2020-36859

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to...

CVE-2020-36856

Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...

EUVD-2025-37209

Nagios XI versions prior to 2026R1 contain a remote code execution vulnerability in the Core Config Manager CCM Run Check command. Insufficient validation/escaping of parameters used to build backend command lines allows an authenticated administrator to inject shell metacharacters that are...

EUVD-2021-34707

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities via the Services page affecting the configname and servicedescription fields. Insufficient validation or escaping of user-supplied input may allow an...

EUVD-2021-34706

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.0 / Nagios XI 5.8.0 contais a cross-site scripting XSS vulnerability in the Templates pages, specifically in the UI logic that renders and handles the Active/Actions buttons. Insufficient validation or escaping of user-supplied...

EUVD-2021-34710

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to inject...