Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
librenms librenms vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-0587
Improper Authorization in Packagist librenms/librenms before 22.2.0.
Librenms Librenms
5.4
CVSSv3
CVE-2022-0589
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms before 22.1.0.
Librenms Librenms
8.8
CVSSv3
CVE-2020-35700
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS prior to 21.1.0 allows remote authenticated malicious users to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-setti...
Librenms Librenms
9.8
CVSSv3
CVE-2019-10665
An issue exists in LibreNMS up to and including 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filte...
Librenms Librenms
8.1
CVSSv3
CVE-2019-10666
An issue exists in LibreNMS up to and including 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP ...
Librenms Librenms
5.3
CVSSv3
CVE-2019-10667
An issue exists in LibreNMS up to and including 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths.
Librenms Librenms
9.1
CVSSv3
CVE-2019-10668
An issue exists in LibreNMS up to and including 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected ...
Librenms Librenms
6.1
CVSSv3
CVE-2019-10670
An issue exists in LibreNMS up to and including 1.47. Many of the scripts rely on the function mysqli_escape_real_string for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data b...
Librenms Librenms
5.4
CVSSv3
CVE-2022-4067
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms before 22.10.0.
Librenms Librenms
5.4
CVSSv3
CVE-2022-4068
A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to exec...
Librenms Librenms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »