Nagios XI

77 CVEs affecting Nagios XI. Latest disclosed: 2025-11-03. Critical: 5, High: 25.

Top CVEs affecting Nagios XI
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2024-14003 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution (RCE) through its NRDP (Nagios Remote Data Processor) server plugins. Insufficient… |
| CVE-2024-13999 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or LDAP authentication token to an authenticat… |
| CVE-2024-13996 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, any pre-exis… |
| CVE-2024-13994 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, an… |
| CVE-2012-10063 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could… |
| CVE-2025-34284 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an… |
| CVE-2024-14005 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wiza… |
| CVE-2024-14004 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.2 contain a privilege escalation vulnerability related to NagVis configuration handling (nagvis.conf). An authenticated user… |
| CVE-2024-13995 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.1.2 may (confirmed in 2024R1.1 and 2024R1.1.1) disclose sensitive user account information (including API keys and hashed pa… |
| CVE-2023-7317 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or i… |
| CVE-2021-47693 | High | 8.8 | 2025-10-30 | The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Un… |
| CVE-2020-36867 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the P… |
| CVE-2020-36863 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 5.7.2 allow PHP files to be uploaded to the Audio Import directory and executed from that location. The upload handler did not prop… |
| CVE-2020-36859 | High | 8.8 | 2025-10-30 | The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pag… |
| CVE-2020-36856 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM command_test.php script. Insufficient validation… |
| CVE-2018-25122 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe comman… |
| CVE-2016-15050 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 5.2.4 contain a SQL injection vulnerability in the notification search functionality. User-supplied search parameters were incorpor… |
| CVE-2013-10073 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell wit… |
| CVE-2025-34287 | High | 7.8 | 2025-10-30 | Nagios XI versions prior to 2024R2 contain an improperly owned script, process_perfdata.pl, which is executed periodically as the nagios user but owned by www-… |
| CVE-2021-47700 | High | 7.8 | 2025-10-30 | Nagios XI versions prior to 5.8.7 used a temporary directory for Highcharts exports with overly permissive ownership/permissions under the Apache user. Local o… |