Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
librenms vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-3231
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms before 22.9.0.
Librenms Librenms
5.4
CVSSv3
CVE-2022-4067
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms before 22.10.0.
Librenms Librenms
5.4
CVSSv3
CVE-2022-4068
A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to exec...
Librenms Librenms
4.8
CVSSv3
CVE-2022-4069
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms before 22.10.0.
Librenms Librenms
9.8
CVSSv3
CVE-2022-4070
Insufficient Session Expiration in GitHub repository librenms/librenms before 22.10.0.
Librenms Librenms
7.5
CVSSv3
CVE-2019-12464
An issue exists in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution.
Librenms Librenms 1.50.1
6.1
CVSSv3
CVE-2022-29711
LibreNMS v22.3.0 exists to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.
Librenms Librenms 22.3.0
9.8
CVSSv3
CVE-2022-29712
LibreNMS v22.3.0 exists to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters.
Librenms Librenms 22.3.0
9.8
CVSSv3
CVE-2018-20434
LibreNMS 1.46 allows remote malicious users to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hos...
Librenms Librenms 1.46
2 EDB exploits
2 Github repositories
5.4
CVSSv3
CVE-2019-15230
LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authentic...
Librenms Librenms 1.54
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »