aakashtyal

3 exploits Active since Apr 2025
CVE-2025-60424 NOMISEC HIGH WRITEUP
Nagios Fusion <2024R2 - Auth Bypass
A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication via a brute-force attack.
CVSS 7.6
CVE-2025-60425 NOMISEC HIGH WRITEUP
Nagios Fusion <2024R2 - Session Hijacking
Nagios Fusion v2024R1.2 and v2024R2 do not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack.
CVSS 8.6
CVE-2025-28059 WRITEUP HIGH WRITEUP
Nagios Network Analyzer - Insufficient Session Expiration
An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke associated API tokens, enabling unauthorized access to restricted functions.
CVSS 7.5