Every CVE whose affected-product data names Nagios Log Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2025-44823 — CVSS 9.9 (critical): Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.ph…
CVE-2025-34271 — CVSS 9.8 (critical): Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive…
CVE-2025-34277 — CVSS 9.8 (critical): Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly…
CVE-2025-34274 — CVSS 9.8 (critical): Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded…
CVE-2025-34298 — CVSS 8.8 (high): Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user…
CVE-2025-44824 — CVSS 8.5 (high): Nagios Log Server before 2024R1.3.2 allows authenticated users (with read-only API access) to stop the Elasticsearch service via a…
CVE-2025-29471 — CVSS 8.3 (high): Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into…
CVE-2023-7322 — CVSS 8.1 (high): Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission…
CVE-2025-34323 — CVSS 7.8 (high): Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration…
CVE-2024-58273 — CVSS 7.8 (high): Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute…
CVE-2025-34322 — CVSS 7.2 (high): Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural…
CVE-2025-34272 — CVSS 6.5 (medium): In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably…
CVE-2025-34273 — CVSS 6.5 (medium): Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to…
CVE-2020-25385 — CVSS 6.1 (medium): Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the…
CVE-2021-35479 — CVSS 5.4 (medium): Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the…
CVE-2021-35478 — CVSS 5.4 (medium): Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used…
CVE-2020-36858 — CVSS 5.4 (medium): Nagios Log Server versions prior to 2.1.6 contain cross-site scripting (XSS) vulnerabilities via the web interface on the Create User, Edit…
CVE-2023-7321 — CVSS 5.4 (medium): Nagios Log Server versions prior to 2.1.14 are vulnerable to cross-site scripting (XSS) via the Snapshots Page. Untrusted log content was…
CVE-2016-15049 — CVSS 5.4 (medium): Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting (XSS) in the Dashboards section when rendering log entries…
CVE-2023-7323 — CVSS 5.4 (medium): Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Create User function. Insufficient…
CVE-2020-16157 — CVSS 5.4 (medium): A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods -> Email Users menu.
CVE-2025-34270 — CVSS 4.9 (medium): Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate…