Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
librenms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-10670
An issue exists in LibreNMS up to and including 1.47. Many of the scripts rely on the function mysqli_escape_real_string for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data b...
Librenms Librenms
NA
CVE-2022-4069
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms before 22.10.0.
Librenms Librenms
NA
CVE-2023-4980
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms before 23.9.0.
Librenms Librenms
NA
CVE-2023-4981
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms before 23.9.0.
Librenms Librenms
NA
CVE-2023-4982
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms before 23.9.0.
Librenms Librenms
7.5
CVSSv2
CVE-2022-29712
LibreNMS v22.3.0 exists to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters.
Librenms Librenms 22.3.0
NA
CVE-2022-36746
LibreNMS v22.6.0 exists to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php.
Librenms Librenms 22.6.0
10
CVSSv2
CVE-2018-20434
LibreNMS 1.46 allows remote malicious users to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hos...
Librenms Librenms 1.46
2 EDB exploits
2 Github repositories
6
CVSSv2
CVE-2019-12464
An issue exists in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution.
Librenms Librenms 1.50.1
4.3
CVSSv2
CVE-2022-29711
LibreNMS v22.3.0 exists to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.
Librenms Librenms 22.3.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »