Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL injection via a crafted payload in the History Tab component.
Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an account with administrative privileges to access the affected int
Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying craft
Nagios XI versions prior to 5.2.4 contain a SQL injection vulnerability in the notification search functionality. User-supplied search parameters were incorporated into SQL statements without adequate
Nagios XI versions prior to 5.6.14 contain a post-authentication SQL injection vulnerability in the SNMP Trap Interface page. Exploitation requires an account with administrative privileges to access
A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Setti
Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Unsanitized user-supplied input was incorpo
Nagios XI versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Graph Explorer component. Insufficient validation or escaping of user-supplied input may allow an attacker to in
Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled i
CVE-2020-36856
CRITICAL CVSS 9.4
Find Similar
Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM command_test.php script. Insufficient validation of the `address` parameter allows an auth
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was i
Nagios XI versions prior to 5.8.0 are vulnerable to cross-site scripting (XSS) via BPI config ID handling. Insufficient validation or escaping of user-supplied input may allow an attacker to inject an
In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability.
Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting (XSS) via the Capacity Planning Report component. Insufficient validation or escaping of user-supplied input may allow an
Nagios XI versions prior to < 2024R1.0.2 are vulnerable to cross-site scripting (XSS) via the Nagios Core Command Expansion page. Insufficient validation or escaping of user-supplied input may allow a
Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The application trusts the user-supplied HTTP Host header when constructing absolute URLs without sufficient valid
CVE-2024-14008
CRITICAL CVSS 9.4
Find Similar
Nagios XI versions prior to 2024R1.3.2 contain a remote command execution vulnerability in the WinRM Configuration Wizard. Insufficient validation of user-supplied input allows an authenticated admini
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Menu System of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacke
Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. This flaw allows an attacker to inject malicious scripts into the Tools interface, which are
Page 1+ Next →