log server · threatengine.sh

CVE-2025-34323

< 2026

Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfi

7.8HIGH

CVE-2025-34322

< 2026

Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natur

7.2HIGH

CVE-2025-34298

< 2024

Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow.

8.8HIGH

CVE-2025-34277

< 2024

Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are no

9.8CRITICAL

CVE-2025-34274

< 2024

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embed

9.8CRITICAL

CVE-2025-34273

< 2024

Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator user

6.5MEDIUM

CVE-2025-34272

< 2024

In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not

6.5MEDIUM

CVE-2025-34271

< 2024

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive

9.8CRITICAL

CVE-2025-34270

< 2024

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obf

4.9MEDIUM

CVE-2024-58273

< 2024

Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who cou

7.8HIGH

CVE-2023-7323

< 2024

Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Create User function. Insufficien

5.4MEDIUM

CVE-2023-7322

< 2024

Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API per

8.1HIGH

CVE-2023-7321

< 2.1.14

Nagios Log Server versions prior to 2.1.14 are vulnerable to cross-site scripting (XSS) via the Snapshots Page. Untrusted log cont

5.4MEDIUM

CVE-2020-36858

< 2.1.6

Nagios Log Server versions prior to 2.1.6 contain cross-site scripting (XSS) vulnerabilities via the web interface on the Create

5.4MEDIUM

CVE-2016-15049

< 1.4.2

Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting (XSS) in the Dashboards section when rendering lo

5.4MEDIUM

CVE-2025-44824

< 2024

Nagios Log Server before 2024R1.3.2 allows authenticated users (with read-only API access) to stop the Elasticsearch service via a

8.5HIGH

CVE-2025-44823

< 2024

Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserve

9.9CRITICAL

CVE-2025-2028

all versions

Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags

6.5MEDIUM

CVE-2025-29471

all versions

Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payl

8.3HIGH

CVE-2021-35479

< 2.1.9

Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through

5.4MEDIUM

CVE-2021-35478

< 2.1.9

Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parame

5.4MEDIUM

CVE-2020-25385

<= 2.1.7

Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through

6.1MEDIUM

CVE-2020-16157

< 2.1.7

A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods - Email Users menu.

5.4MEDIUM

CVE-2019-15898

< 2.0.8

Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page.

6.1MEDIUM

nagios log server