Vulnerabilidades en Nagios
117 resultadosCVE-2018-15708—Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.EPSS 89.4%CVE-2026-2041HIGHNagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution VulnerabilityEPSS 74.6%CVE-2026-2043HIGHNagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution VulnerabilityEPSS 74.2%CVE-2018-15712—Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.EPSS 48.6%CVE-2018-15710—Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.EPSS 44.1%CVE-2018-15711—Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then usEPSS 36.0%CVE-2025-34227HIGHNagios XI < 2026R1 Configuration Wizard Authenticated Command InjectionEPSS 25.9%CVE-2018-15709—Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request.EPSS 21.0%CVE-2025-44823CRITICALNagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.phEPSS 15.6%CVE-2021-33177—The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the maliciouEPSS 9.8%CVE-2018-15713—Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.EPSS 7.2%CVE-2026-2042HIGHNagios Host monitoringwizard Command Injection Remote Code Execution VulnerabilityEPSS 5.5%CVE-2025-34322HIGHNagios Log Server < 2026R1.0.1 Authenticated Command Injection via Natural Language QueriesEPSS 4.6%CVE-2021-33179—The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticaEPSS 4.3%CVE-2024-14005CRITICALNagios XI < 2024R1.2 Command Injection via Docker WizardEPSS 3.8%CVE-2025-34284CRITICALNagios XI < 2024R2 Authenticated Command Injection via WinRM PluginEPSS 3.8%CVE-2018-15714—Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters.EPSS 3.8%CVE-2013-10073HIGHNagios XI < 2012R1.6 Auto-Discovery Shell Command InjectionEPSS 3.2%CVE-2025-44824HIGHNagios Log Server before 2024R1.3.2 allows authenticated users (with read-only API access) to stop the Elasticsearch service via a /nagiosloEPSS 2.7%CVE-2020-36867HIGHNagios XI < 5.7.3 Command Injection in Report PDF DownloadEPSS 2.4%