Nagios XI
77 CVEs affecting Nagios XI. Latest disclosed: 2025-11-03. Critical: 5, High: 25.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-14003 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution (RCE) through its NRDP (Nagios Remote Data Processor) server plugins. Insufficient… |
| CVE-2024-13999 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or LDAP authentication token to an authenticat… |
| CVE-2024-13996 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, any pre-exis… |
| CVE-2024-13994 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, an… |
| CVE-2012-10063 | Critical | 9.8 | 2025-10-30 | Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could… |
| CVE-2025-34284 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an… |
| CVE-2024-14005 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wiza… |
| CVE-2024-14004 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.2 contain a privilege escalation vulnerability related to NagVis configuration handling (nagvis.conf). An authenticated user… |
| CVE-2024-13995 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 2024R1.1.2 may (confirmed in 2024R1.1 and 2024R1.1.1) disclose sensitive user account information (including API keys and hashed pa… |
| CVE-2023-7317 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or i… |
| CVE-2021-47693 | High | 8.8 | 2025-10-30 | The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Un… |
| CVE-2020-36867 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the P… |
| CVE-2020-36863 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 5.7.2 allow PHP files to be uploaded to the Audio Import directory and executed from that location. The upload handler did not prop… |
| CVE-2020-36859 | High | 8.8 | 2025-10-30 | The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pag… |
| CVE-2020-36856 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM command_test.php script. Insufficient validation… |
| CVE-2018-25122 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe comman… |
| CVE-2016-15050 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 5.2.4 contain a SQL injection vulnerability in the notification search functionality. User-supplied search parameters were incorpor… |
| CVE-2013-10073 | High | 8.8 | 2025-10-30 | Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell wit… |
| CVE-2025-34287 | High | 7.8 | 2025-10-30 | Nagios XI versions prior to 2024R2 contain an improperly owned script, process_perfdata.pl, which is executed periodically as the nagios user but owned by www-… |
| CVE-2021-47700 | High | 7.8 | 2025-10-30 | Nagios XI versions prior to 5.8.7 used a temporary directory for Highcharts exports with overly permissive ownership/permissions under the Apache user. Local o… |