Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
librenms librenms vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-0588
Missing Authorization in Packagist librenms/librenms before 22.2.0.
Librenms Librenms
5.4
CVSSv3
CVE-2022-0589
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms before 22.1.0.
Librenms Librenms
8.8
CVSSv3
CVE-2020-15877
An issue exists in LibreNMS prior to 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.
Librenms Librenms
7.2
CVSSv3
CVE-2019-10669
An issue exists in LibreNMS up to and including 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function ...
Librenms Librenms
1 EDB exploit
6.1
CVSSv3
CVE-2019-10670
An issue exists in LibreNMS up to and including 1.47. Many of the scripts rely on the function mysqli_escape_real_string for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data b...
Librenms Librenms
8.8
CVSSv3
CVE-2020-35700
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS prior to 21.1.0 allows remote authenticated malicious users to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-setti...
Librenms Librenms
8.8
CVSSv3
CVE-2022-3525
Deserialization of Untrusted Data in GitHub repository librenms/librenms before 22.10.0.
Librenms Librenms
7.5
CVSSv3
CVE-2023-46745
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain acces...
Librenms Librenms
6.1
CVSSv3
CVE-2018-18478
Persistent Cross-Site Scripting (XSS) issues in LibreNMS prior to 1.44 allow remote malicious users to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/de...
Librenms Librenms
8.1
CVSSv3
CVE-2019-12465
An issue exists in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajax_rulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajax_rulesuggest.php?debug=1&term= request.
Librenms Librenms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »