📦 Nagvis

CVE-2022-46945 is an arbitrary file read vulnerability in Nagvis versions before 1.9.34. Attackers can exploit the NagVisHoverUrl.php component to read sensitive files on the server. Organizations run...

CVE-2024-38866 is an input validation vulnerability in Nagvis that allows livestatus injection attacks. Attackers can inject malicious commands into Nagvis's livestatus interface, potentially executin...

CVE-2024-47093 is a cross-site scripting (XSS) vulnerability in Nagvis versions before 1.9.42 due to improper input sanitization. Attackers can inject malicious scripts that execute in victims' browse...

CVE-2025-39665 is an information disclosure vulnerability in Nagvis' Checkmk MultisiteAuth plugin that allows unauthenticated attackers to enumerate valid Checkmk usernames. This affects organizations...