| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-2749 | Path traversal in Centreon Open Tickets | Centreon | - | Critical | 9.9 | 2026-02-27 15:05:17 | Deep Dive |
| CVE-2026-2750 | Command Injection via CLAPI generatetraps | Centreon | Centreon Open Tickets on Central Server | Critical | 9.1 | 2026-02-27 14:58:29 | Deep Dive |
| CVE-2026-2751 | Blind SQL Injection | Centreon | Centreon Web on Central Server | High | 8.3 | 2026-02-27 13:33:45 | Deep Dive |
| CVE-2025-15029 | An unauthenticated user is able to introduce SQL Injection using the Awie export module | Centreon | Infra Monitoring | Critical | 9.8 | 2026-01-05 14:34:03 | Deep Dive |
| CVE-2025-15026 | Unauthenticated configuration import allows administrative account creation using AWIE component | Centreon | Infra Monitoring | Critical | 9.8 | 2026-01-05 14:31:34 | Deep Dive |
| CVE-2025-12511 | A user with elevated privileges can inject XSS in the DSM Administration’s Extensions configuration page | Centreon | Infra Monitoring | Medium | 6.8 | 2026-01-05 14:05:53 | Deep Dive |
| CVE-2025-12513 | A user with elevated privileges can inject XSS in the Hosts configuration parameters page | Centreon | Infra Monitoring | Medium | 6.8 | 2026-01-05 13:43:43 | Deep Dive |
| CVE-2025-12519 | Information disclosure on Administration parameters API endpoint | Centreon | Infra Monitoring | Medium | 5.3 | 2026-01-05 10:15:09 | Deep Dive |
| CVE-2025-13056 | A user with elevated privileges can inject XSS in the Administration ACL Menus configuration page | Centreon | Infra Monitoring | Medium | 6.8 | 2026-01-05 10:10:36 | Deep Dive |
| CVE-2025-5965 | RCE via the backup feature available only to user with high privilege | Centreon | Infra Monitoring | High | 7.2 | 2026-01-05 10:06:05 | Deep Dive |
| CVE-2025-54890 | A user with elevated privileges can inject XSS in the Hostgroups configuration page | Centreon | Infra Monitoring | Medium | 6.8 | 2025-12-22 11:07:28 | Deep Dive |
| CVE-2025-12514 | A user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notification rules configuration parameters | Centreon | Infra Monitoring - Open-tickets | High | 7.2 | 2025-12-22 10:59:18 | Deep Dive |
| CVE-2025-8460 | A user with elevated privileges can inject XSS in the Notification rules configuration page | Centreon | Infra Monitoring | Medium | 6.8 | 2025-12-22 10:55:59 | Deep Dive |
| CVE-2025-10023 | A user with elevated privileges can inject XSS in the Services Meta-services configuration page | Centreon | Infra Monitoring | Medium | 6.2 | 2025-10-27 15:07:22 | Deep Dive |
| CVE-2025-8432 | CentreonBI user account on the MBI server can execute commands as root by modifying script runned by the CRON | Centreon | Infra Monitoring | High | 8.4 | 2025-10-27 10:08:34 | Deep Dive |
| CVE-2025-8459 | A user with low privileges can inject XSS in the Monitoring Recurrent downtimes page | Centreon | Infra Monitoring | High | 7.7 | 2025-10-14 17:11:31 | Deep Dive |
| CVE-2025-8430 | A user with elevated privileges can inject XSS in the Commands Connectors configuration configuration page | Centreon | Infra Monitoring | Medium | 6.8 | 2025-10-14 16:54:44 | Deep Dive |
| CVE-2025-8429 | A user with elevated privileges can inject XSS in the ACL Action access configuration page | Centreon | Infra Monitoring | Medium | 6.8 | 2025-10-14 15:29:56 | Deep Dive |
| CVE-2025-54893 | A user with elevated privileges can inject XSS in the Hosts templates configuration page | Centreon | Infra Monitoring | Medium | 6.8 | 2025-10-14 15:24:24 | Deep Dive |
| CVE-2025-54891 | A user with elevated privileges can inject XSS in the ACL Resource Access configuration page | Centreon | Infra Monitoring | Medium | 6.8 | 2025-10-14 15:07:01 | Deep Dive |