Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

EUVD
EUVDadded 2025/10/27 6:31 p.m.2 views

EUVD-2025-36198

Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack...

8.6CVSS6.5AI score0.02035EPSS
Exploits0References4
OSV
OSVadded 2025/10/27 4:15 p.m.1 views

CVE-2025-60425

Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack...

8.6CVSS5.8AI score0.02035EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2025/10/27 12:0 a.m.11 views

CVE-2025-60425

Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack...

6.7AI score0.02035EPSS
Exploits0References3
CNNVD
CNNVDadded 2025/10/27 12:0 a.m.4 views

Nagios Fusion 安全漏洞

Nagios Fusion is a centralized monitoring and visualization platform from the US-based Nagios, Inc. A security vulnerability exists in Nagios Fusion versions v2024R1.2 and v2024R2 that stems from failure to invalidate an existing session token when enabling two-factor authentication, which could...

8.6CVSS6.4AI score0.02035EPSS
Exploits0References4
Cvelist
Cvelistadded 2025/10/27 12:0 a.m.4 views

CVE-2025-60424

A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication via a bruteforce attack...

0.0008EPSS
Exploits0References3
CVE
CVEadded 2025/10/27 12:0 a.m.11 views

CVE-2025-60425

CVE-2025-60425 affects Nagios Fusion v2024R1.2 and v2024R2. The root cause is failure to invalidate existing session tokens when two-factor authentication is enabled, enabling session hijacking attacks. The CVSSv3.1 base score is 8.6 (HIGH) with network attack vector, no user interaction, and no ...

8.6CVSS6.7AI score0.02035EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2025/10/27 12:0 a.m.7 views

CVE-2025-60424

CVE-2025-60424 affects Nagios Fusion versions 2024R1.2 and 2024R2. The root cause is a lack of rate limiting in the OTP verification component, which allows authentication bypass via brute-force attempts. Affected product: Nagios Fusion; the issue is documented across multiple sources (Red Hat CG...

7.6CVSS6.7AI score0.0008EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologiesadded 2025/08/26 12:0 a.m.1 views

PT-2025-34786 · Nagios Enterprises · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI version 2024R2 Description: A cross-site scripting XSS vulnerability exists that allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in ...

6.1CVSS5.8AI score0.00624EPSS
Exploits0References6
Rows per page
Query Builder