CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3560 matches found

NagiosXI <= 5.4.12 `commandline.php` SQL injection

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. id: CVE-2018-10735 info: name: NagiosXI = 5.4.12 commandline.php SQL injection author: DhiyaneshDk severity: high description: | A SQL injection issue was discovered in Nagios XI before...

7.2CVSS7.2AI score0.86271EPSS

Exploits2References2

Nuclei•added 15 hours ago•44 views

Nagios XI <5.8.5 - Open Redirect

Nagios XI through 5.8.5 contains an open redirect vulnerability in the login function. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-29272 info: name: Nagios XI 5.8.5 - Open Redirect...

6.1CVSS6.4AI score0.04103EPSS

Exploits0References5

Nuclei•added 15 hours ago•37 views

Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php. This in turn can lead to...

9CVSS7.6AI score0.75157EPSS

Exploits5References5

Nuclei•added 15 hours ago•37 views

Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php. This in turn can lead ...

9CVSS7.6AI score0.93287EPSS

Exploits7References5

Nuclei•added yesterday•20 views

Nagios XI < 5.8.6 - Cross-Site Scripting

In Nagios XI before 5.8.6, XSS exists in the dashboard page /dashboards/ when administrative users attempt to edit a dashboard. id: CVE-2021-38156 info: name: Nagios XI 5.8.6 - Cross-Site Scripting author: ritikchaddha severity: medium description: | In Nagios XI before 5.8.6, XSS exists in the...

5.4CVSS6AI score0.84015EPSS

Exploits1References2

Nuclei•added 3 days ago•38 views

Nagios XI 5.7.5 - Cross-Site Scripting

Nagios XI 5.7.5 contains a cross-site scripting vulnerability in the file /usr/local/nagiosxi/html/admin/sshterm.php, due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal session cookies, or it can be chained with th...

6.1CVSS6.9AI score0.85159EPSS

Exploits3References5

Nuclei•added 5 days ago•32 views

NagiosXI <= 5.4.12 - SQL injection

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. id: CVE-2018-10736 info: name: NagiosXI = 5.4.12 - SQL injection author: DhiyaneshDK severity: high description: | A SQL injection issue was discovered in Nagios XI before 5.4.13 via the...

7.2CVSS7.2AI score0.83161EPSS

Exploits2References3

Tenable Nessus•added 5 days ago•6 views

Debian dsa-6308 : nagios4 - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6308 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6308-1 [email protected] https://www.debian.org/security/...

5.7AI score

Exploits0References3

Cvelist•added 2026/04/14 8:37 p.m.•14 views

CVE-2026-24893 openITCOCKPIT has Authenticated Command Injection Leading to Remote Code Execution via Host Address Macro Expansion

openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows an authenticated user with permission to add or modify hosts to execute arbitrary OS commands on th...

8.8CVSS0.00407EPSS

Exploits0References3

GithubExploit•added 2026/03/17 9:24 p.m.•111 views

Exploit for OS Command Injection in Nagios Nagios_Xi

Nagios-CVE-2019-15949-RCE-Poc a python PoC for the CVE-2019-15...

9CVSS5.8AI score0.86916EPSS

Exploits13

RedhatCVE•added 2026/02/22 1:28 a.m.•3 views

CVE-2026-2043

Nagios Host esensorswebsensorconfigwizardfunc Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists...

8.8CVSS6.6AI score0.01805EPSS

Exploits0References1

RedhatCVE•added 2026/02/22 1:28 a.m.•2 views

CVE-2026-2041

Nagios Host zabbixagentconfigwizardfunc Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within t...

8.8CVSS6.6AI score0.02074EPSS

Exploits0References1

RedhatCVE•added 2026/02/22 1:28 a.m.•2 views

CVE-2026-2042

Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.8CVSS6.6AI score0.02074EPSS

Exploits0References1