Vulnerability Database

300,445

Total vulnerabilities in the database

CVE-2024-14002

Nagios XI versions prior to 2024R1.1.4 contain a local file inclusion (LFI) vulnerability via its NagVis integration. An authenticated user can supply crafted path values that cause the server to include local files, potentially exposing sensitive information from the underlying host.

Published: Oct 30, 2025
Updated: Nov 7, 2025
CVE: CVE-2024-14002
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-98

Affected Software
References

Software	From	Fixed in
nagios / nagios_xi	-	2024
nagios / nagios_xi	2024-r1	2024-r1.x
nagios / nagios_xi	2024-r1.0.1	2024-r1.0.1.x
nagios / nagios_xi	2024-r1.0.2	2024-r1.0.2.x
nagios / nagios_xi	2024-r1.1	2024-r1.1.x
nagios / nagios_xi	2024-r1.1.1	2024-r1.1.1.x
nagios / nagios_xi	2024-r1.1.2	2024-r1.1.2.x
nagios / nagios_xi	2024-r1.1.3	2024-r1.1.3.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo