Every CVE whose affected-product data names Nagios Fusion, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2020-28907 — CVSS 9.8 (critical): Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via…
CVE-2020-28904 — CVSS 9.8 (critical): Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a…
CVE-2020-28900 — CVSS 9.8 (critical): Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of…
CVE-2020-28901 — CVSS 9.8 (critical): Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to…
CVE-2020-28902 — CVSS 9.8 (critical): Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php.
CVE-2020-28905 — CVSS 8.8 (high): Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination.
CVE-2020-28909 — CVSS 8.8 (high): Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts…
CVE-2020-28906 — CVSS 8.8 (high): Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root…
CVE-2025-60425 — CVSS 8.6 (high): Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is…
CVE-2025-60424 — CVSS 7.6 (high): A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication…
CVE-2020-28911 — CVSS 6.5 (medium): Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage…
CVE-2020-28903 — CVSS 6.1 (medium): Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary…
CVE-2018-25119 — CVSS 6.1 (medium): Nagios Fusion versions prior to 4.1.5 are vulnerable to cross-site scripting (XSS) via the "fusionwindow" parameter. Insufficient…
CVE-2017-20209 — CVSS 6.1 (medium): Nagios Fusion versions prior to 4.0.1 are vulnerable to cross-site scripting (XSS) via the Users and Servers pages. Insufficient validation…
CVE-2023-7312 — CVSS 4.8 (medium): Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability when adding or configuring Email Settings…
CVE-2023-53689 — CVSS 4.8 (medium): Nagios Fusion versions prior to 4.2.0 contain a reflected cross-site scripting (XSS) vulnerability in the license key configuration flow…
CVE-2023-53690 — CVSS 4.8 (medium): Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability in the LDAP/AD authentication-server…