Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • DevOps
  • Monitoring

Monitoring

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    3 Nov 2025 DevOps
    Nagios XI: Cross-Site Scripting (XSS) in 404 Missing Page

    In Nagios XI versions prior to 2024R1.1 a medium severity vulnerability CVE-2024-13992 was detected. This vulnerability allows remote attackers to execute arbitrary JavaScript in a victim’s browser via a crafted link that targets the “missing page” (404) page, due to improper validation or escaping of user-supplied input in `page-missing.php`. To address this issue, users should upgrade Nagios XI to version 2024R1.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13992.

    Read more
    Monitoring
    10 Oct 2025 DevOps
    Zabbix: LDAP Bind Password Exposure to Super Admins

    In Zabbix versions 6.0.0 through 6.0.40, 7.0.0 through 7.0.17, 7.2.0 through 7.2.11, and 7.4.0 through 7.4.1 a medium severity vulnerability CVE-2025-27231 was identified. A Super Admin user could leak the LDAP “Bind password” by changing the LDAP “Host” to a rogue server. Although the password field is not normally readable after saving, this behavior allowed indirect exposure of sensitive credentials. To address this issue, users should upgrade Zabbix to versions 6.0.41, 7.0.18, 7.2.12, or 7.4.2 or later. For more details, see https://nvd.nist.gov/vuln/detail/CVE-2025-27231.

    Read more
    Monitoring
    10 Oct 2025 DevOps
    Zabbix: User Information Disclosure via API

    In Zabbix versions 6.0.38 through 6.0.40, 7.0.9 through 7.0.16, 7.2.3 through 7.2.10, and 7.4.0 a low severity vulnerability CVE-2025-27236 was identified. A regular Zabbix user could search other users in their user group via the Zabbix API by selecting fields the user does not have access to view. This allows data-mining of some field values the user does not have access to. To address this issue, users should upgrade Zabbix to versions 6.0.41, 7.0.17, 7.2.11, or 7.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27236.

    Read more
    Monitoring
    10 Oct 2025 DevOps
    Zabbix: DLL Injection via OpenSSL Configuration in Agent and Agent 2

    In Zabbix Agent and Agent 2 on Windows versions 6.0.0 through 6.0.40, 7.0.0 through 7.0.17, 7.2.0 through 7.2.11, and 7.4.0 through 7.4.1 a high severity vulnerability CVE-2025-27237 was detected. The OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL. To address this issue, users should upgrade Zabbix to versions 6.0.41, 7.0.18, 7.2.12, or 7.4.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27237.

    Read more
    Monitoring
    10 Oct 2025 DevOps
    Zabbix: Insufficient Permission Check for problem.view.refresh Action

    In Zabbix versions 6.0.0 through 6.0.40, 7.0.0 through 7.0.17, 7.2.0 through 7.2.11, and 7.4.0 through 7.4.1 a medium severity vulnerability CVE-2025-49641 was detected. A regular Zabbix user with no permission to the Monitoring → Problems view is still able to call the problem.view.refresh action and retrieve a list of active problems. To address this issue, users should upgrade Zabbix to versions 6.0.41, 7.0.18, 7.2.12, or 7.4.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49641.

    Read more
    Monitoring
    30 Sep 2025 DevOps
    Nagios: Authenticated Command Injection in Configuration Wizards

    In Nagios XI versions prior to 2026R1 a high severity vulnerability CVE-2025-34227 was detected. This authenticated command injection issue affects the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query configuration wizards. By injecting shell characters into service arguments, an attacker could execute arbitrary system commands on the underlying host as the nagios user. To address this issue, users should upgrade to Nagios XI 2026R1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-34227.

    Read more
    Monitoring
    15 Sep 2025 DevOps
    Zabbix: Remote Code Execution via smartctl Plugin

    In Zabbix version 5.0 a medium severity vulnerability CVE-2025-27234 was detected. This vulnerability allows attackers to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this can result in remote code execution. To address this issue, users should upgrade Zabbix to version 5.0.47 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27234.

    Read more
    Monitoring
    15 Sep 2025 DevOps
    Zabbix: smartctl Plugin Argument Injection Vulnerability

    In Zabbix versions 6.0.0 through 6.0.39, 7.0.0 through 7.0.10, and 7.2.0 through 7.2.4 a medium severity vulnerability CVE-2025-27233 was detected. This vulnerability allows attackers to inject unexpected arguments into the smartctl command via the smart.disk.get parameters, which can be exploited to leak the NTLMv2 hash from a Windows system. To address this issue, users should upgrade Zabbix Agent 2 to versions 6.0.40, 7.0.11, 7.2.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27233.

    Read more
    Monitoring
    15 Sep 2025 DevOps
    Zabbix: Improper Access Control Vulnerability

    In Zabbix versions 7.0.0 through 7.0.13 and 7.2.0 through 7.2.7 a medium severity vulnerability CVE-2025-27238 was detected. This vulnerability allows users without any assigned user groups to retrieve information on all host prototypes via the hostprototype.get API method. To address this issue, users should upgrade Zabbix to versions 7.0.14 or 7.2.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27238.

    Read more
    Monitoring
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}