Known Vulnerabilities for products from Nagios
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Nagios".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-24893 json | Not Provided | 2026-04-14 | 2026-04-15 | |
| CVE-2023-40934 json | A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host esc... | 7.2 - HIGH | 2023-09-19 | 2023-09-22 |
| CVE-2023-40933 json | A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configur... | 8.8 - HIGH | 2023-09-19 | 2023-09-22 |
| CVE-2023-40932 json | A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access t... | 5.4 - MEDIUM | 2023-09-19 | 2023-09-22 |
| CVE-2023-40931 json | A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to e... | 6.5 - MEDIUM | 2023-09-19 | 2023-09-22 |
| CVE-2022-38254 json | Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3... | 6.1 - MEDIUM | 2022-09-07 | 2022-09-09 |
| CVE-2022-38251 json | Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings pag... | 4.8 - MEDIUM | 2022-09-07 | 2022-09-09 |
| CVE-2022-38250 json | Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page. | 9.8 - CRITICAL | 2022-09-07 | 2022-09-09 |
| CVE-2022-38249 json | Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4. | 6.1 - MEDIUM | 2022-09-07 | 2022-09-09 |
| CVE-2022-38248 json | Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php. | 6.1 - MEDIUM | 2022-09-07 | 2022-09-09 |
| CVE-2022-38247 json | Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Settings page under the ... | 4.8 - MEDIUM | 2022-09-07 | 2022-09-09 |
| CVE-2022-29272 json | In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing. | 6.1 - MEDIUM | 2022-06-29 | 2022-07-08 |
| CVE-2022-29271 json | In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for a... | 6.5 - MEDIUM | 2022-06-29 | 2023-08-08 |
| CVE-2022-29270 json | In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address. | 4.3 - MEDIUM | 2022-06-29 | 2023-08-08 |
| CVE-2022-29269 json | In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead ... | 6.5 - MEDIUM | 2022-06-29 | 2023-08-08 |
| CVE-2021-43584 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.8 - MEDIUM | 2024-01-24 | 2024-01-31 |
| CVE-2021-40345 json | An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZI... | 7.2 - HIGH | 2021-10-26 | 2022-11-08 |
| CVE-2021-40344 json | An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload fi... | 7.2 - HIGH | 2021-10-26 | 2021-11-02 |
| CVE-2021-40343 json | An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user t... | 7.8 - HIGH | 2021-10-26 | 2021-11-01 |
| CVE-2021-38156 json | In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashb... | 5.4 - MEDIUM | 2021-09-15 | 2021-09-27 |
Known software with vulnerabilities from Nagios
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Nagios | Business Process Intelligence | 2.3.4 |
| Application | Nagios | Favorites | - |
| Application | Nagios | Fusion | 4.0.0 |
| Application | Nagios | Incident Manager | 2.0.0 |
| Application | Nagios | Log Server | - |
| Application | Nagios | Nagios | 2.0.1 |
| Application | Nagios | Nagios Core | 1.0.0 |
| Application | Nagios | Nagios Xi | 2009 |
| Application | Nagios | Plugins | 1.3.0 |
| Application | Nagios | Remote Plugin Executor | 2.15 |
| Application | Nagios | Remote Plug In Executor | 1.3 |