Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
librenms librenms vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-29711
LibreNMS v22.3.0 exists to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.
Librenms Librenms 22.3.0
9.8
CVSSv3
CVE-2022-29712
LibreNMS v22.3.0 exists to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters.
Librenms Librenms 22.3.0
9.8
CVSSv3
CVE-2018-20434
LibreNMS 1.46 allows remote malicious users to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hos...
Librenms Librenms 1.46
2 EDB exploits
2 Github repositories
6.1
CVSSv3
CVE-2022-36745
LibreNMS v22.6.0 exists to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php.
Librenms Librenms 22.6.0
6.1
CVSSv3
CVE-2022-36746
LibreNMS v22.6.0 exists to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php.
Librenms Librenms 22.6.0
NA
CVE-2024-32461
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vul...
NA
CVE-2024-32479
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the `Service` template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability.
NA
CVE-2024-32480
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions before 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and con...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6