Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
librenms librenms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-46745
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain acces...
Librenms Librenms
8.8
CVSSv3
CVE-2020-35700
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS prior to 21.1.0 allows remote authenticated malicious users to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-setti...
Librenms Librenms
5.4
CVSSv3
CVE-2021-31274
In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can get executed.
Librenms Librenms
8.1
CVSSv3
CVE-2019-10666
An issue exists in LibreNMS up to and including 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP ...
Librenms Librenms
9.1
CVSSv3
CVE-2019-10668
An issue exists in LibreNMS up to and including 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected ...
Librenms Librenms
8.8
CVSSv3
CVE-2019-10671
An issue exists in LibreNMS up to and including 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php...
Librenms Librenms
6.1
CVSSv3
CVE-2022-3516
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms before 22.10.0.
Librenms Librenms
6.5
CVSSv3
CVE-2023-5591
SQL Injection in GitHub repository librenms/librenms before 23.10.0.
Librenms Librenms
6.1
CVSSv3
CVE-2019-10670
An issue exists in LibreNMS up to and including 1.47. Many of the scripts rely on the function mysqli_escape_real_string for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data b...
Librenms Librenms
4.8
CVSSv3
CVE-2022-0772
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms before 22.2.2.
Librenms Librenms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »