Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
librenms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-46745
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain acces...
Librenms Librenms
3.5
CVSSv2
CVE-2021-31274
In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can get executed.
Librenms Librenms
4.3
CVSSv2
CVE-2021-43324
LibreNMS up to and including 21.10.2 allows XSS via a widget title.
Librenms Librenms
1 Github repository
6.5
CVSSv2
CVE-2018-20678
LibreNMS up to and including 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search.
Librenms Librenms
NA
CVE-2023-48294
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access gr...
Librenms Librenms
NA
CVE-2023-48295
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been a...
Librenms Librenms
NA
CVE-2023-4347
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms before 23.8.0.
Librenms Librenms
6.8
CVSSv2
CVE-2019-10666
An issue exists in LibreNMS up to and including 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP ...
Librenms Librenms
NA
CVE-2023-4977
Code Injection in GitHub repository librenms/librenms before 23.9.0.
Librenms Librenms
NA
CVE-2023-4978
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms before 23.9.0.
Librenms Librenms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »