Nagios Nagios_xi
194 CVEs affecting Nagios Nagios_xi. Latest disclosed: 2026-02-20. Critical: 27, High: 70.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-14003 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution (RCE) through its NRDP (Nagios Remote Data Processor) server plugins. Insufficient… |
| CVE-2024-13999 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or LDAP authentication token to an authenticat… |
| CVE-2024-13996 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, any pre-exis… |
| CVE-2024-13994 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, an… |
| CVE-2012-10063 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could… |
| CVE-2024-33775 | Critical | 9.8 | 2024-05-01 | An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet. |
| CVE-2024-24402 | Critical | 9.8 | 2024-02-26 | An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component. |
| CVE-2024-24401 | Critical | 9.8 | 2024-02-26 | SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php compone… |
| CVE-2023-48085 | Critical | 9.8 | 2023-12-14 | Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php. |
| CVE-2023-48084 | Critical | 9.8 | 2023-12-14 | Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool. |
| CVE-2022-38250 | Critical | 9.8 | 2022-09-07 | Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page. |
| CVE-2021-36366 | Critical | 9.8 | 2021-09-28 | Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards. |
| CVE-2021-36365 | Critical | 9.8 | 2021-09-28 | Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh. |
| CVE-2021-36364 | Critical | 9.8 | 2021-09-28 | Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. |
| CVE-2021-36363 | Critical | 9.8 | 2021-09-28 | Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php. |
| CVE-2021-37350 | Critical | 9.8 | 2021-08-13 | Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation. |
| CVE-2020-28910 | Critical | 9.8 | 2021-05-24 | Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are… |
| CVE-2020-28900 | Critical | 9.8 | 2021-05-24 | Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code E… |
| CVE-2021-3193 | Critical | 9.8 | 2021-01-26 | Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to… |
| CVE-2020-15903 | Critical | 9.8 | 2020-09-09 | An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were… |