A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and
An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an a
Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sa
Nagios XI versions prior to 2012R1.6 contain an authorization flaw in the Auto-Discovery functionality. Users with read-only roles could directly reach Auto-Discovery endpoints and pages that should r
Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in u
Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or interact with the terminal interface witho
Nagios XI 2024R1.2.2 is vulnerable to an open redirect flaw on the Tools page, exploitable by users with read-only permissions. This vulnerability allows an attacker to craft a malicious link that red
A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibili
A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs
An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in broken access control has been identified in the /api/v1/setting
Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance
A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability
An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible
Nagios XI versions prior to 5.7.3 contain a privilege escalation vulnerability in the getprofile.sh helper script. The script performed profile retrieval and initialization routines using insecure fil
Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6077 may allow an authenticated user to potentially enable denial of service via local access.
Missing Authorization vulnerability in Seers Seers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seers: from n/a through 8.1.1.
The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized c
Nagios XI versions prior to 5.5.7 contain a privilege escalation vulnerability in the MRTG graphing component. MRTG-related processes/scripts executed with excessive privileges, allowing a local attac
Nagios XI versions prior to 2024R1.2 contain a privilege escalation vulnerability related to NagVis configuration handling (nagvis.conf). An authenticated user could manipulate NagVis configuration da
Page 1+ Next →