Centreon
This hub aggregates every CVE we track for Centreon, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
86
CVEs tracked
19
Critical
43
High
0
In CISA KEV
Severity distribution
HIGH43MEDIUM24CRITICAL19
Monthly trend
0
6
2
0
0
0
2
0
0
1
0
0
0
0
0
0
0
0
2
1
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Centreon.
- CVE-2026-2751Blind SQL Injection8.3
- CVE-2025-15029An unauthenticated user is able to introduce SQL Injection using the Awie export module9.8
- CVE-2025-15026Unauthenticated configuration import allows administrative account creation using AWIE component9.8
- CVE-2025-3872Privilege escalation by altering payload in contact form7.2
- CVE-2024-53923An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to achieve SQL injectio...9.1
- CVE-2024-55573An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to inject SQL ...9.1
- CVE-2024-39842A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs.7.2
- CVE-2024-39843A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs.6.7
- CVE-2024-39841A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.8.8
- CVE-2024-33854A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.9.1
- CVE-2024-33852A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.9.1
- CVE-2024-33853A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.9.1
- CVE-2024-5725Centreon initCurveList SQL Injection Remote Code Execution Vulnerability8.8
- CVE-2024-5723Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability8.8
- CVE-2023-51633Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability9.6
Product normalization is registry-driven with AI assist and human review. How it works