Lucene search
K

312 matches found

Vulnrichment
Vulnrichment
added 2025/11/17 5:48 p.m.4 views

CVE-2025-34322 Nagios Log Server < 2026R1.0.1 Authenticated Command Injection via Natural Language Queries

Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature. When this feature is configured, certain user-controlled settings—including model selection and connection parameters—are read from the...

8.6CVSS7.1AI score0.04701EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/17 5:48 p.m.6 views

EUVD-2025-197845

Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability via the experimental 'Natural Language Queries' feature. Configuration values for this feature are read from the application settings and incorporated into a system command without adequate...

8.6CVSS7.5AI score0.04701EPSS
Exploits0References4
CVE
CVE
added 2025/11/17 5:48 p.m.19 views

CVE-2025-34322

Nagios Log Server (before 2026R1.0.1) is affected by an authenticated command-injection in the experimental Natural Language Queries feature. The issue arises when user-controlled settings (including model selection and connection parameters) are read from global configuration and concatenated in...

8.6CVSS7.5AI score0.04701EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2025/11/17 12:0 a.m.4 views

Nagios Log Server 安全漏洞

Nagios Log Server is a suite of centralized log management, monitoring, and analysis software from Nagios, Inc. A security vulnerability exists in Nagios Log Server versions prior to 2026R1.0.1, which stems from an insecure interaction between sudo rules and filesystem permissions, which could le...

8.5CVSS6.2AI score0.0029EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.9 views

PT-2025-47178

Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2026R1.0.1 Description Nagios Log Server versions prior to 2026R1.0.1 have an authenticated command injection issue through the 'Natural Language Queries' feature. The application reads configuration values...

8.6CVSS7.7AI score0.04701EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.9 views

PT-2025-47192

Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2026R1.0.1 Description Nagios Log Server versions prior to 2026R1.0.1 have a local privilege escalation issue. This is due to an unsafe interaction between sudo rules and file system permissions. The web...

8.5CVSS7.7AI score0.0029EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/11/17 12:0 a.m.5 views

Nagios Log Server 安全漏洞

Nagios Log Server is a suite of centralized log management, monitoring, and analysis software from Nagios Corporation. A security vulnerability exists in Nagios Log Server versions prior to 2026R1.0.1, which stems from a command injection vulnerability in the experimental Natural Language Queries...

8.6CVSS7.5AI score0.04701EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.8 views

CVE-2016-15049

Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting XSS in the Dashboards section when rendering log entries in the Logs table. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in...

5.4CVSS6AI score0.00466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.9 views

CVE-2023-7323

Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting XSS via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.4CVSS6.2AI score0.00466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.8 views

CVE-2023-7321

Nagios Log Server versions prior to 2.1.14 are vulnerable to cross-site scripting XSS via the Snapshots Page. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in the victim’s browser within the application...

5.4CVSS6AI score0.00466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.8 views

CVE-2025-34272

In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view...

6.5CVSS6.6AI score0.00783EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.10 views

CVE-2025-34270

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate the password field during import. As a result, the plaintext password supplied for imported accounts may be exposed in the user interface, logs, or other...

6.9CVSS6.8AI score0.00571EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.15 views

CVE-2020-36858

Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...

5.4CVSS6.3AI score0.00466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.4 views

CVE-2023-7322

Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check coul...

8.7CVSS6.5AI score0.00972EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.6 views

CVE-2025-34298

Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent...

8.8CVSS7AI score0.00643EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.5 views

CVE-2025-34271

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network...

9.8CVSS6.7AI score0.00678EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.5 views

CVE-2025-34273

Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deletion workflow, enabling lower-privileged use...

7.1CVSS6.8AI score0.00937EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.5 views

CVE-2025-34277

Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlle...

9.8CVSS8.3AI score0.01965EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.6 views

CVE-2024-58272

Nagios Log Server versions prior to 2024R1 contain a stored cross-site scripting XSS vulnerability where an attacker-supplied username containing JavaScript is stored and later rendered without proper encoding/escaping in admin or user-facing pages. When an authenticated victim loads the affected...

5.4CVSS5.6AI score0.00129EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.6 views

CVE-2024-58273

Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user or the backend shell user to escalate to root on the host...

8.5CVSS7.4AI score0.00256EPSS
Exploits0References1
Rows per page
Query Builder