threat
engine
.sh
Back
·
··:··
Home
/
Product
/
icinga
Product
icinga
49 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-24414
< 1.11.2
The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows env
5.5
MEDIUM
CVE-2026-24413
>= 2.3.0 and < 2.13.14
Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Ici
5.5
MEDIUM
CVE-2025-61909
>= 2.10.0 and < 2.13.13
Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script (also used
4.4
MEDIUM
CVE-2025-61908
>= 2.10.0 and < 2.13.13
Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid referenc
6.5
MEDIUM
CVE-2025-61907
>= 2.4.0 and < 2.13.13
Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various
6.5
MEDIUM
CVE-2025-61789
< 1.1.4
Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icin
5.3
MEDIUM
CVE-2025-53840
>= 1.2.0 and < 1.2.2
Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users wi
2.4
LOW
CVE-2025-48057
< 2.12.12
Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates perfo
9.8
CRITICAL
CVE-2025-30164
< 2.11.5
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior t
4.1
MEDIUM
CVE-2025-27609
< 2.11.5
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior t
5.4
MEDIUM
CVE-2025-27405
< 2.11.5
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior t
7.6
HIGH
CVE-2025-27404
< 2.11.5
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior t
7.6
HIGH
CVE-2024-49369
>= 2.4.0 and < 2.11.12
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates perform
9.8
CRITICAL
CVE-2024-24819
< 0.22.0
icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class `gipfl\We
5.3
MEDIUM
CVE-2024-24820
>= 1.0.0 and < 1.8.2
Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms
8.3
HIGH
CVE-2023-30607
>= 1.3.0 and < 1.3.2
icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template an
5.0
MEDIUM
CVE-2022-24716
>= 2.9.0 and < 2.9.6
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the
7.5
HIGH
CVE-2022-24715
< 2.8.6
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to
8.5
HIGH
CVE-2022-24714
< 2.8.6
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the
5.3
MEDIUM
CVE-2021-37698
>= 2.5.0 and < 2.11.10
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates perform
7.5
HIGH
CVE-2021-32743
>= 2.0.0 and < 2.11.10
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates perform
8.8
HIGH
CVE-2021-32739
>= 2.4.0 and < 2.11.10
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates perform
8.8
HIGH
CVE-2021-32747
>= 2.0.0 and < 2.7.5
Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. A vulnerability in which custom va
5.3
MEDIUM
CVE-2021-32746
>= 2.3.0 and < 2.7.5
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Between versions 2.3.0 and 2.8.2, t
5.3
MEDIUM
CVE-2020-29663
>= 2.8.0 and <= 2.11.7
Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed,
9.1
CRITICAL
CVE-2020-24368
>= 2.0.0 and < 2.6.4
Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access
7.5
HIGH
CVE-2020-14004
>= 2.0.0 and <= 2.11.3
An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) execut
7.8
HIGH
CVE-2018-18250
< 2.6.2
Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name
7.5
HIGH
CVE-2018-18249
< 2.6.2
Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel t
9.8
CRITICAL
CVE-2018-18248
all versions
Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icin
6.1
MEDIUM
CVE-2018-18247
< 2.6.2
Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter.
5.4
MEDIUM
CVE-2018-18246
< 2.6.2
Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /
6.5
MEDIUM
CVE-2018-6535
>= 2.0.0 and <= 2.8.1
An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the pas
8.1
HIGH
CVE-2018-6534
>= 2.0.0 and <= 2.8.1
An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer d
6.5
MEDIUM
CVE-2018-6533
>= 2.0.0 and <= 2.8.1
An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this th
7.8
HIGH
CVE-2018-6532
>= 2.0.0 and <= 2.8.0
An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an
7.5
HIGH
CVE-2018-6536
>= 2.0.0 and <= 2.8.1
An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-roo
5.5
MEDIUM
CVE-2017-16933
>= 2.0.0 and <= 2.8.0
etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows
7.0
HIGH
CVE-2017-16882
<= 1.14.0
Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by
7.8
HIGH
CVE-2015-8010
<= 1.13.4
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 a
6.1
MEDIUM
CVE-2014-2386
<= 1.10.2
Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via
CVE-2014-1878
<= 1.8.5
Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga bef
CVE-2013-7108
<= 1.8.4
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.
CVE-2013-7107
<= 1.10.2
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to
CVE-2013-7106
<= 1.8.4
Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated
CVE-2012-6096
all versions
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x bef
CVE-2012-3441
all versions
The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the
CVE-2011-2477
<= 1.4.0
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is dis
CVE-2011-2179
<= 1.4.0
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allo
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin