Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2023-7318 2025-10-30 N/A 0.0 Nagios XI versions prior to < 2024R1.0.2 are vulnerable to cross-site scripting (XSS) via the Nagios Core Command Expansion page. Insufficient validation or escaping of user-supplied input may…
CVE-2023-7317 2025-10-30 N/A 0.0 Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or interact with the terminal interface without…
CVE-2023-7316 2025-10-30 N/A 0.0 Nagios XI versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Graph Explorer component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject…
CVE-2023-7315 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Graph Explorer component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject…
CVE-2023-7314 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Bandwidth Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject…
CVE-2023-7313 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Bulk Modifications tool. Insufficient validation or escaping of user-supplied input may allow an attacker to…
CVE-2023-7312 2025-10-30 N/A 0.0 Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability when adding or configuring Email Settings. Unsanitized user input can be stored and later rendered in the…
CVE-2023-53690 2025-10-30 N/A 0.0 Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative…
CVE-2023-53689 2025-10-30 N/A 0.0 Nagios Fusion versions prior to 4.2.0 contain a reflected cross-site scripting (XSS) vulnerability in the license key configuration flow that can result in execution of attacker-controlled script in the…
CVE-2023-53688 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF) via the Hypermap Replay component. An attacker can submit crafted input that…
CVE-2022-50588 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) in the update checking feature. Insufficient validation or escaping of user-supplied input may allow an attacker to inject…
CVE-2022-50587 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) via the Apply Configuration error text. Insufficient validation or escaping of user-supplied input may allow an attacker to…
CVE-2022-50586 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) in the BPI component via the info URL field. Insufficient validation or escaping of user-supplied input may allow…
CVE-2022-50585 2025-10-30 N/A 0.0 The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting (XSS) vulnerability via the Audit Log page…
CVE-2022-50584 2025-10-30 N/A 0.0 The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.6 / Nagios XI 5.8.8 contains a cross-site scripting (XSS) vulnerability via the search and deletion interfaces. Insufficient…
CVE-2021-47700 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.8.7 used a temporary directory for Highcharts exports with overly permissive ownership/permissions under the Apache user. Local or co-hosted processes could read/overwrite export artifacts or…
CVE-2021-47699 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.8.7 are vulnerable to cross-site scripting (XSS) via the Audit Log page’s Send to NLS form. Insufficient validation or escaping of user-supplied input may allow an…
CVE-2021-47697 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.8.0 are vulnerable to cross-site scripting (XSS) via the Views feature URL handling. Insufficient validation or escaping of user-supplied input may allow an attacker to…
CVE-2021-47696 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.8.0 are vulnerable to cross-site scripting (XSS) via BPI config ID handling. Insufficient validation or escaping of user-supplied input may allow an attacker to inject…
CVE-2021-47695 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.8.0 are vulnerable to stored cross-site scripting (XSS) via the My Tools page. Insufficient validation or escaping of user-supplied input may allow an attacker to…
CVE-2021-47694 2025-10-30 N/A 0.0 The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.4 / Nagios XI 5.8.6 contains a reflected cross-site scripting (XSS) vulnerability via the Test Command functionality. Insufficient…
CVE-2021-47693 2025-10-30 N/A 0.0 The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Unsanitized user-supplied…
CVE-2021-47691 2025-10-30 N/A 0.0 The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting (XSS) vulnerabilities via the Services page affecting the…
CVE-2021-47690 2025-10-30 N/A 0.0 The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting (XSS) vulnerabilities in Overlay modals. Insufficient validation…
CVE-2021-47689 2025-10-30 N/A 0.0 The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.0 / Nagios XI 5.8.0 contais a cross-site scripting (XSS) vulnerability in the Templates pages, specifically in…
CVE-2020-36869 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an account with administrative privileges to access the affected interface.…
CVE-2020-36868 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.7.3 contain a privilege escalation vulnerability in the getprofile.sh helper script. The script performed profile retrieval and initialization routines using insecure file/command handling and insufficient…
CVE-2020-36867 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes…
CVE-2020-36866 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the Manage Users page of the Admin interface. Insufficient validation or escaping of user-supplied input may allow…
CVE-2020-36865 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the BPI (Business Process Intelligence) component’s Config Management and Edit Config page. Insufficient validation or escaping of…
CVE-2020-36864 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the background color settings in Dashboards. Insufficient validation or escaping of user-supplied input may allow an attacker…
CVE-2020-36863 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.7.2 allow PHP files to be uploaded to the Audio Import directory and executed from that location. The upload handler did not properly restrict file…
CVE-2020-36862 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could (1) inject script into exported/returned content due to insufficient output encoding…
CVE-2020-36861 2025-10-30 N/A 0.0 The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting (XSS) vulnerabilities in the overlay UI elements…
CVE-2020-36860 2025-10-30 N/A 0.0 The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting (XSS) vulnerabilities in the object edit pages.…
CVE-2020-36859 2025-10-30 N/A 0.0 The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized…
CVE-2020-36858 2025-10-30 N/A 0.0 Nagios Log Server versions prior to 2.1.6 contain cross-site scripting (XSS) vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation…
CVE-2020-36857 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.6.14 contain a post-authentication SQL injection vulnerability in the SNMP Trap Interface page. Exploitation requires an account with administrative privileges to access the affected interface.…
CVE-2020-36856 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM command_test.php script. Insufficient validation of the `address` parameter allows an authenticated user…
CVE-2018-25123 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.5.7 contain a privilege escalation vulnerability in the MRTG graphing component. MRTG-related processes/scripts executed with excessive privileges, allowing a local attacker with limited system access…
CVE-2018-25122 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient…
CVE-2018-25121 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.4.13 are vulnerable to cross-site scripting (XSS) via the Views page of the web interface. Insufficient validation or escaping of user-supplied input may allow an…
CVE-2018-25119 2025-10-30 N/A 0.0 Nagios Fusion versions prior to 4.1.5 are vulnerable to cross-site scripting (XSS) via the "fusionwindow" parameter. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and…
CVE-2017-20209 2025-10-30 N/A 0.0 Nagios Fusion versions prior to 4.0.1 are vulnerable to cross-site scripting (XSS) via the Users and Servers pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject…
CVE-2016-15053 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may…
CVE-2016-15052 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Menu System of the web interface. Insufficient validation or escaping of user-supplied input may allow…
CVE-2016-15051 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Reports interface through values from the startdate and enddate fields. Insufficient validation or escaping of…
CVE-2016-15050 2025-10-30 N/A 0.0 Nagios XI versions prior to 5.2.4 contain a SQL injection vulnerability in the notification search functionality. User-supplied search parameters were incorporated into SQL statements without adequate parameterization or sanitation, allowing…
CVE-2016-15049 2025-10-30 N/A 0.0 Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting (XSS) in the Dashboards section when rendering log entries in the Logs table. Untrusted log content…
CVE-2013-10074 2025-10-30 N/A 0.0 Nagios XI versions prior to 2012R2.6 are vulnerable to cross-site scripting (XSS) via the Tools Menu of the web interface. Insufficient validation or escaping of user-supplied input may allow an…
« Anterior Página 329 de 3934 Siguiente »