11 matches found
CVE-2023-40934
A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings...
CVE-2022-50587 Nagios XI < 5.8.9 Stored XSS via Command Names in Apply Config Error Text
Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) via the Apply Configuration error text. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2018-25123
CVE-2018-25123 affects Nagios XI versions prior to 5.5.7, with a privilege escalation flaw in the MRTG graphing component. MRTG-related processes run with excessive privileges, enabling a local attacker with limited access to abuse file/command paths or writable resources to gain elevated privile...
EUVD-2020-3226
Malware in sbrugna...
EUVD-2018-12738
Malware in sbrugna...
EUVD-2019-18543
Malware in sbrugna...
EUVD-2023-45473
Malicious code in bioql PyPI...
CVE-2020-6586
Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered...
CVE-2020-35578
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands...
CVE-2025-29471
Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field...
CVE-2024-54959
Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorites component, enabling POST-based Cross-Site Scripting (XSS)...