| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-54892 | A user with elevated privileges can inject XSS in the SNMP traps group configuration page | Centreon | Infra Monitoring | Medium | 6.8 | 2025-10-14 14:59:11 | Deep Dive |
| CVE-2025-54889 | A user with elevated privileges can inject XSS in the SNMP traps manufacturer configuration page | Centreon | Infra Monitoring | Medium | 6.8 | 2025-10-14 14:54:31 | Deep Dive |
| CVE-2025-5946 | RCE via the poller reload feature available only to user with high privilege | Centreon | Infra Monitoring | High | 7.2 | 2025-10-14 14:29:01 | Deep Dive |
| CVE-2025-8428 | XSS found in the HTTP loader widget | Centreon | Infra Monitoring | Medium | 6.8 | 2025-10-14 14:22:03 | Deep Dive |
| CVE-2025-6791 | Second order SQL injection available to user with low privilege | Centreon | web | High | 8.8 | 2025-08-22 18:56:28 | Deep Dive |
| CVE-2025-4650 | User with high privileges is able to introduce a SQLi using the Meta Service indicator page | Centreon | web | High | 7.2 | 2025-08-22 18:50:42 | Deep Dive |
| CVE-2025-4649 | ACL are not correctly taken into account in the display of the "event logs" page. This page, requiring high privileges, will display all available logs. | Centreon | web | Medium | 4.9 | 2025-05-13 11:40:23 | Deep Dive |
| CVE-2025-4648 | A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request. | Centreon | web | High | 8.4 | 2025-05-13 09:45:42 | Deep Dive |
| CVE-2025-4647 | A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG | Centreon | web | High | 8.4 | 2025-05-13 09:31:18 | Deep Dive |
| CVE-2025-4646 | A high privilege user is able to create and use a valid admin API token in centreon-web | Centreon | web | High | 7.2 | 2025-05-13 09:17:35 | Deep Dive |
| CVE-2025-3872 | Privilege escalation by altering payload in contact form | Centreon | Centreon | High | 7.2 | 2025-04-24 09:19:34 | Deep Dive |
| CVE-2025-3767 | SQL Injection in Centreon BAM boolean KPI listing | Centreon | Centreon BAM | High | 7.2 | 2025-04-22 15:16:24 | Deep Dive |
| CVE-2024-5725 | Centreon initCurveList SQL Injection Remote Code Execution Vulnerability | Centreon | Centreon | - | - | 2024-08-21 16:14:52 | Deep Dive |
| CVE-2024-5723 | Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability | Centreon | Centreon | - | - | 2024-08-21 16:14:44 | Deep Dive |
| CVE-2023-51633 | Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability | Centreon | Centreon | High | - | 2024-05-03 02:15:51 | Deep Dive |
| CVE-2024-23119 | Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability | Centreon | Centreon | High | - | 2024-04-01 21:48:27 | Deep Dive |
| CVE-2024-23118 | Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability | Centreon | Centreon | High | - | 2024-04-01 21:48:11 | Deep Dive |
| CVE-2024-23117 | Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability | Centreon | Centreon | High | - | 2024-04-01 21:47:42 | Deep Dive |
| CVE-2024-23116 | Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability | Centreon | Centreon | High | - | 2024-04-01 21:47:27 | Deep Dive |
| CVE-2024-23115 | Centreon updateGroups SQL Injection Remote Code Execution Vulnerability | Centreon | Centreon | High | - | 2024-04-01 21:47:10 | Deep Dive |