Every CVE whose affected-product data names Centreon Centreon Web, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (56)
CVE-2018-11587 — CVSS 9.8 (critical): There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in…
CVE-2018-11589 — CVSS 9.8 (critical): Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in…
CVE-2024-32501 — CVSS 9.8 (critical): A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before…
CVE-2024-33853 — CVSS 9.1 (critical): A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x…
CVE-2024-53923 — CVSS 9.1 (critical): An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A…
CVE-2024-33852 — CVSS 9.1 (critical): A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x…
CVE-2024-55573 — CVSS 9.1 (critical): An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before…
CVE-2024-33854 — CVSS 9.1 (critical): A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13…
CVE-2019-17107 — CVSS 8.8 (high): minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress…
CVE-2024-5723 — CVSS 8.8 (high): Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute…
CVE-2018-21023 — CVSS 8.8 (high): getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.
CVE-2019-15298 — CVSS 8.8 (high): A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configO…
CVE-2019-15299 — CVSS 8.8 (high): An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key…
CVE-2019-15300 — CVSS 8.8 (high): A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters…
CVE-2025-6791 — CVSS 8.8 (high): In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper…
CVE-2024-39841 — CVSS 8.8 (high): A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before…
CVE-2018-21021 — CVSS 8.8 (high): img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.
CVE-2018-21022 — CVSS 8.8 (high): makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.
CVE-2024-23119 — CVSS 8.8 (high): Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute…
CVE-2025-4647 — CVSS 8.4 (high): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected…
CVE-2025-4648 — CVSS 8.4 (high): The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS. A user with elevated…
CVE-2026-2751 — CVSS 8.3 (high): Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server…
CVE-2019-16406 — CVSS 7.8 (high): Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files…
CVE-2025-8459 — CVSS 7.7 (high): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring…
CVE-2018-21020 — CVSS 7.5 (high): In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass…
CVE-2025-5946 — CVSS 7.2 (high): Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring…
CVE-2019-16405 — CVSS 7.2 (high): Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an…
CVE-2024-23118 — CVSS 7.2 (high): Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute…
CVE-2025-3872 — CVSS 7.2 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User…
CVE-2025-4646 — CVSS 7.2 (high): Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.This issue affects web…
CVE-2025-4650 — CVSS 7.2 (high): User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of…
CVE-2025-5965 — CVSS 7.2 (high): In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper…
CVE-2025-8429 — CVSS 6.8 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL…
CVE-2025-54890 — CVSS 6.8 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring…
CVE-2025-54891 — CVSS 6.8 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL…
CVE-2025-54892 — CVSS 6.8 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring…
CVE-2025-54893 — CVSS 6.8 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring…
CVE-2025-8428 — CVSS 6.8 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring…
CVE-2025-12513 — CVSS 6.8 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring…
CVE-2025-13056 — CVSS 6.8 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring…
CVE-2025-8430 — CVSS 6.8 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring…
CVE-2025-54889 — CVSS 6.8 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring…
CVE-2019-17106 — CVSS 6.5 (medium): In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external…
CVE-2021-26804 — CVSS 6.5 (medium): Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any…
CVE-2025-10023 — CVSS 6.2 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring…
CVE-2019-17108 — CVSS 6.1 (medium): Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored…
CVE-2018-11588 — CVSS 5.4 (medium): Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command…
CVE-2025-12519 — CVSS 5.3 (medium): Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing…
CVE-2025-4649 — CVSS 4.9 (medium): Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. ACL are not correctly taken into…