Every CVE whose affected-product data names Icinga Icinga Web 2, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2018-18249 — CVSS 9.8 (critical): Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send…
CVE-2022-24715 — CVSS 8.5 (high): Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the…
CVE-2025-27405 — CVSS 7.6 (high): Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5…
CVE-2025-27404 — CVSS 7.6 (high): Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5…
CVE-2020-24368 — CVSS 7.5 (high): Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access…
CVE-2018-18250 — CVSS 7.5 (high): Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a…
CVE-2022-24716 — CVSS 7.5 (high): Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents…
CVE-2018-18246 — CVSS 6.5 (medium): Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via…
CVE-2018-18248 — CVSS 6.1 (medium): Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the…
CVE-2025-27609 — CVSS 5.4 (medium): Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5…
CVE-2022-24714 — CVSS 5.3 (medium): Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO…
CVE-2025-30164 — CVSS 4.1 (medium): Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5…