Nagios Nagios_xi

194 CVEs affecting Nagios Nagios_xi. Latest disclosed: 2026-02-20. Critical: 27, High: 70.

Top CVEs affecting Nagios Nagios_xi
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2024-14003 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution (RCE) through its NRDP (Nagios Remote Data Processor) server plugins. Insufficient… |
| CVE-2024-13999 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or LDAP authentication token to an authenticat… |
| CVE-2024-13996 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, any pre-exis… |
| CVE-2024-13994 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, an… |
| CVE-2012-10063 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could… |
| CVE-2024-33775 | Critical | 9.8 | 2024-05-01 | An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet. |
| CVE-2024-24402 | Critical | 9.8 | 2024-02-26 | An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component. |
| CVE-2024-24401 | Critical | 9.8 | 2024-02-26 | SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php compone… |
| CVE-2023-48085 | Critical | 9.8 | 2023-12-14 | Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php. |
| CVE-2023-48084 | Critical | 9.8 | 2023-12-14 | Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool. |
| CVE-2022-38250 | Critical | 9.8 | 2022-09-07 | Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page. |
| CVE-2021-36366 | Critical | 9.8 | 2021-09-28 | Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards. |
| CVE-2021-36365 | Critical | 9.8 | 2021-09-28 | Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh. |
| CVE-2021-36364 | Critical | 9.8 | 2021-09-28 | Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. |
| CVE-2021-36363 | Critical | 9.8 | 2021-09-28 | Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php. |
| CVE-2021-37350 | Critical | 9.8 | 2021-08-13 | Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation. |
| CVE-2020-28910 | Critical | 9.8 | 2021-05-24 | Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are… |
| CVE-2020-28900 | Critical | 9.8 | 2021-05-24 | Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code E… |
| CVE-2021-3193 | Critical | 9.8 | 2021-01-26 | Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to… |
| CVE-2020-15903 | Critical | 9.8 | 2020-09-09 | An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were… |