Nagios Log_server
23 CVEs affecting Nagios Log_server. Latest disclosed: 2025-11-17. Critical: 4, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-44823 | Critical | 9.9 | 2025-10-07 | Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_us… |
| CVE-2025-34277 | Critical | 9.8 | 2025-10-30 | Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before bei… |
| CVE-2025-34274 | Critical | 9.8 | 2025-10-30 | Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the r… |
| CVE-2025-34271 | Critical | 9.8 | 2025-10-30 | Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes o… |
| CVE-2025-34298 | High | 8.8 | 2025-10-30 | Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own em… |
| CVE-2025-44824 | High | 8.5 | 2025-10-07 | Nagios Log Server before 2024R1.3.2 allows authenticated users (with read-only API access) to stop the Elasticsearch service via a /nagioslogserver/index.php/a… |
| CVE-2025-29471 | High | 8.3 | 2025-04-15 | Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field. |
| CVE-2023-7322 | High | 8.1 | 2025-10-30 | Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless abl… |
| CVE-2025-34323 | High | 7.8 | 2025-11-17 | Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable ap… |
| CVE-2024-58273 | High | 7.8 | 2025-10-30 | Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apa… |
| CVE-2025-34322 | High | 7.2 | 2025-11-17 | Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature… |
| CVE-2025-34273 | Medium | 6.5 | 2025-10-30 | Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards… |
| CVE-2025-34272 | Medium | 6.5 | 2025-10-30 | In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an emp… |
| CVE-2020-25385 | Medium | 6.1 | 2021-01-20 | Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter… |
| CVE-2019-15898 | Medium | 6.1 | 2019-09-03 | Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page. |
| CVE-2023-7323 | Medium | 5.4 | 2025-10-30 | Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Create User function. Insufficient validation or escaping of us… |
| CVE-2023-7321 | Medium | 5.4 | 2025-10-30 | Nagios Log Server versions prior to 2.1.14 are vulnerable to cross-site scripting (XSS) via the Snapshots Page. Untrusted log content was not safely encoded fo… |
| CVE-2020-36858 | Medium | 5.4 | 2025-10-30 | Nagios Log Server versions prior to 2.1.6 contain cross-site scripting (XSS) vulnerabilities via the web interface on the Create User, Edit User, and Manage Ho… |
| CVE-2016-15049 | Medium | 5.4 | 2025-10-30 | Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting (XSS) in the Dashboards section when rendering log entries in the Logs table… |
| CVE-2021-35479 | Medium | 5.4 | 2021-07-30 | Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. Th… |