Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
librenms vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2022-0772
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms before 22.2.2.
Librenms Librenms
5.9
CVSSv3
CVE-2017-16759
The installation process in LibreNMS prior to 2017-08-18 allows remote malicious users to read arbitrary files, related to html/install.php.
Librenms Librenms
8.8
CVSSv3
CVE-2020-35700
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS prior to 21.1.0 allows remote authenticated malicious users to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-setti...
Librenms Librenms
6.1
CVSSv3
CVE-2022-0576
Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms before 22.1.0.
Librenms Librenms
8.8
CVSSv3
CVE-2020-15877
An issue exists in LibreNMS prior to 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.
Librenms Librenms
5.4
CVSSv3
CVE-2023-4982
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms before 23.9.0.
Librenms Librenms
8.8
CVSSv3
CVE-2018-20678
LibreNMS up to and including 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search.
Librenms Librenms
4.3
CVSSv3
CVE-2023-48294
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access gr...
Librenms Librenms
5.4
CVSSv3
CVE-2023-48295
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been a...
Librenms Librenms
6.1
CVSSv3
CVE-2018-18478
Persistent Cross-Site Scripting (XSS) issues in LibreNMS prior to 1.44 allow remote malicious users to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/de...
Librenms Librenms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »