浏览 27+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-24414 | Icinga for Windows certificate can have too-open permissions | Icinga | icinga-powershell-framework | - | - | 2026-01-29 17:35:43 | Deep Dive |
| CVE-2026-24413 | Icinga has insecure permission of %ProgramData%\icinga2\var on Windows | Icinga | icinga2 | - | - | 2026-01-29 17:21:01 | Deep Dive |
| CVE-2025-61909 | Icinga 2 signals sent as root to processes based on PID file written by the Icinga 2 daemon user | Icinga | icinga2 | - | - | 2025-10-16 17:20:15 | Deep Dive |
| CVE-2025-61908 | Icinga 2 Denial of Service (DoS) By Dereferencing Invalid Reference | Icinga | icinga2 | - | - | 2025-10-16 17:16:58 | Deep Dive |
| CVE-2025-61907 | Icinga 2 API users could access restricted values in filter expressions | Icinga | icinga2 | - | - | 2025-10-16 17:11:59 | Deep Dive |
| CVE-2025-61789 | Icinga DB Web hidden/protected custom variables are prone to filter enumeration | Icinga | icingadb-web | Medium | 5.3 | 2025-10-16 17:00:32 | Deep Dive |
| CVE-2025-53840 | Icinga DB Web Exposure of Sensitive Information to an Unauthorized Actor vulnerability | Icinga | icingadb-web | Low | 2.4 | 2025-07-16 13:34:37 | Deep Dive |
| CVE-2025-48057 | Icinga 2 certificate renewal might incorrectly renew an invalid certificate | Icinga | icinga2 | - | - | 2025-05-27 16:32:30 | Deep Dive |
| CVE-2025-30164 | Icinga Web 2 has open redirect on login page | Icinga | icingaweb2 | Medium | 4.1 | 2025-03-26 16:13:27 | Deep Dive |
| CVE-2025-27609 | Icinga Web 2 Vulnerable to Reflected XSS | Icinga | icingaweb2 | - | - | 2025-03-26 16:10:19 | Deep Dive |
| CVE-2025-27406 | Icinga Reporting Stored XSS leads to SSRF | Icinga | icingaweb2-module-reporting | High | 7.6 | 2025-03-26 15:49:45 | Deep Dive |
| CVE-2025-27405 | Icinga Web 2 has XSS in embedded content | Icinga | icingaweb2 | High | 7.6 | 2025-03-26 15:10:10 | Deep Dive |
| CVE-2025-27404 | Icinga Web 2 DOM-based XSS vulnerability | Icinga | icingaweb2 | High | 7.6 | 2025-03-26 14:21:05 | Deep Dive |
| CVE-2025-23203 | Icinga has rest API endpoints accessible to restricted users | Icinga | icingaweb2-module-director | Medium | 5.5 | 2025-03-26 13:44:58 | Deep Dive |
| CVE-2024-49369 | Icinga 2 has a TLS Certificate Validation Bypass for JSON-RPC and HTTP API Connections | Icinga | icinga2 | Critical | 9.8 | 2024-11-12 16:44:02 | Deep Dive |
| CVE-2024-41811 | ipl/web susceptible to Cross-Site Request Forgery (CSRF) | Icinga | ipl-web | Low | 3.9 | 2024-08-05 20:17:31 | Deep Dive |
| CVE-2024-24819 | icingaweb2-module-incubator base implementation for HTML forms is susceptible to CSRF | Icinga | icingaweb2-module-incubator | Medium | 5.3 | 2024-02-09 00:11:12 | Deep Dive |
| CVE-2024-24820 | Icinga Director configuration is susceptible to Cross-Site Request Forgery | Icinga | icingaweb2-module-director | High | 8.3 | 2024-02-09 00:00:01 | Deep Dive |
| CVE-2023-30607 | icingaweb2-module-jira template and field configuration are susceptible to CSRF | Icinga | icingaweb2-module-jira | Medium | 5.0 | 2023-07-05 17:42:54 | Deep Dive |
| CVE-2022-24714 | Disclosure of hosts and related data, linked to decommissioned services in Icinga Web 2 | Icinga | icingaweb2 | Medium | 5.3 | 2022-03-08 19:55:09 | Deep Dive |