Affected Products

Vendor / product matrix with CVE counts sourced from the CPE catalog.

Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
nagvis
17035.4%HIGH

Related CVEs

7
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-39665User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames.MEDIUM6.912.3%Dec 3, 2025
CVE-2024-47090Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSSMEDIUM5.18.4%May 27, 2025
CVE-2024-38866Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injectionMEDIUM5.323.3%May 27, 2025
CVE-2024-47093Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSSMEDIUM6.139.9%Dec 19, 2024
CVE-2023-46287XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php.MEDIUM6.139.0%Oct 20, 2023
CVE-2022-46945Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php.MEDIUM6.589.6%May 26, 2023
CVE-2022-3979A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.9.34 is able to address this issue. The identifier of the patch is 7574fd8a2903282c2e0d1feef5c4876763db21d5. It is recommended to upgrade the affected component. The identifier VDB-213557 was assigned to this vulnerability.HIGH8.1Nov 13, 2022