CVE-2023-47132 — CVSS 9.8 (critical): An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.
CVE-2024-28200 — CVSS 9.1 (critical): The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of…
CVE-2024-5322 — CVSS 9.1 (critical): The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to…
CVE-2025-7051 — CVSS 8.3 (high): On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central…
CVE-2025-11700 — CVSS 7.5 (high): N-central versions < 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure
CVE-2025-10231 — CVSS 7.0 (high): An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can allow a…
CVE-2023-30297 — CVSS 7.0 (high): An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring…
CVE-2024-8510 — CVSS 5.3 (medium): N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Customer data is not…