Centreon — Vulnerabilities & Security Advisories 51

Browse all 51 CVE security advisories affecting Centreon. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-2749 | Path traversal in Centreon Open Tickets | | 9.9 | Critical | 2026-02-27 |
| CVE-2026-2750 | Command Injection via CLAPI generatetraps — Centreon Open Tickets on Central Server | CWE-20 | 9.1 | Critical | 2026-02-27 |
| CVE-2026-2751 | Blind SQL Injection — Centreon Web on Central Server | | 8.3 | High | 2026-02-27 |
| CVE-2025-15029 | An unauthenticated user is able to introduce SQL Injection using the Awie export module — Infra Monitoring | CWE-89 | 9.8 | Critical | 2026-01-05 |
| CVE-2025-15026 | Unauthenticated configuration import allows administrative account creation using AWIE component — Infra Monitoring | CWE-306 | 9.8 | Critical | 2026-01-05 |
| CVE-2025-12511 | A user with elevated privileges can inject XSS in the DSM Administration’s Extensions configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2026-01-05 |
| CVE-2025-12513 | A user with elevated privileges can inject XSS in the Hosts configuration parameters page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2026-01-05 |
| CVE-2025-12519 | Information disclosure on Administration parameters API endpoint — Infra Monitoring | CWE-862 | 5.3 | Medium | 2026-01-05 |
| CVE-2025-13056 | A user with elevated privileges can inject XSS in the Administration ACL Menus configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2026-01-05 |
| CVE-2025-5965 | RCE via the backup feature available only to user with high privilege — Infra Monitoring | CWE-78 | 7.2 | High | 2026-01-05 |
| CVE-2025-54890 | A user with elevated privileges can inject XSS in the Hostgroups configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-12-22 |
| CVE-2025-12514 | A user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notification rules configuration parameters — Infra Monitoring - Open-tickets | CWE-89 | 7.2 | High | 2025-12-22 |
| CVE-2025-8460 | A user with elevated privileges can inject XSS in the Notification rules configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-12-22 |
| CVE-2025-10023 | A user with elevated privileges can inject XSS in the Services Meta-services configuration page — Infra Monitoring | CWE-79 | 6.2 | Medium | 2025-10-27 |
| CVE-2025-8432 | CentreonBI user account on the MBI server can execute commands as root by modifying script runned by the CRON — Infra Monitoring | CWE-276 | 8.4 | High | 2025-10-27 |
| CVE-2025-8459 | A user with low privileges can inject XSS in the Monitoring Recurrent downtimes page — Infra Monitoring | CWE-79 | 7.7 | High | 2025-10-14 |
| CVE-2025-8430 | A user with elevated privileges can inject XSS in the Commands Connectors configuration configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-8429 | A user with elevated privileges can inject XSS in the ACL Action access configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-54893 | A user with elevated privileges can inject XSS in the Hosts templates configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-54891 | A user with elevated privileges can inject XSS in the ACL Resource Access configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-54892 | A user with elevated privileges can inject XSS in the SNMP traps group configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-54889 | A user with elevated privileges can inject XSS in the SNMP traps manufacturer configuration page — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-5946 | RCE via the poller reload feature available only to user with high privilege — Infra Monitoring | CWE-78 | 7.2 | High | 2025-10-14 |
| CVE-2025-8428 | XSS found in the HTTP loader widget — Infra Monitoring | CWE-79 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-6791 | Second order SQL injection available to user with low privilege — web | CWE-89 | 8.8 | High | 2025-08-22 |
| CVE-2025-4650 | User with high privileges is able to introduce a SQLi using the Meta Service indicator page — web | CWE-89 | 7.2 | High | 2025-08-22 |
| CVE-2025-4649 | ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs. — web | CWE-755 | 4.9 | Medium | 2025-05-13 |
| CVE-2025-4648 | A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request. — web | CWE-434 | 8.4 | High | 2025-05-13 |
| CVE-2025-4647 | A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG — web | CWE-79 | 8.4 | High | 2025-05-13 |
| CVE-2025-4646 | A high privilege user is able to create and use a valid admin API token in centreon-web — web | CWE-863 | 7.2 | High | 2025-05-13 |

This page lists every published CVE security advisory associated with Centreon. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.