
19 matches found

CVE
added 2025/12/22 10:55 a.m., 7 views

CVE-2025-8460

Centreon Infra Monitoring (Notification rules, Open tickets module) has a stored XSS vulnerability (CVE-2025-8460). Affected versions are 23.10.0–23.10.4, 24.04.0–24.04.5, and 24.10.0–24.10.5. Root cause: improper neutralization of user input in web page generation. Remediation per linked sources...

CVSS 6.8, AI score 5.7, EPSS 0.00019
Exploits: 0, References: 2, Affected Software: 1
EUVD
added 2025/10/27 6:31 p.m., 4 views

EUVD-2025-36202

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring Services Meta-services modules allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.9, from 24.04.0...

CVSS 6.2, AI score 5, EPSS 0.0002
Exploits: 0, References: 2
CNNVD
added 2025/10/27 12:0 a.m., 5 views

Centreon Security Vulnerability

Centreon is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for network, system and application resources. A security vulnerability exists in Centreon that stems from improperly set default permissions, which could lead ...

CVSS 8.4, AI score 6.4, EPSS 0.01026
Exploits: 0, References: 2
NVD
added 2025/10/14 6:15 p.m., 2 views

CVE-2025-8459

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring Monitoring recurrent downtime scheduler modules allows Stored XSS. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18,...

CVSS 7.7, EPSS 0.0002
Exploits: 0, References: 2
CVE
added 2025/10/14 3:7 p.m., 8 views

CVE-2025-54891

The CVE-2025-54891 issue is an XSS vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) caused by Improper Neutralization of Input During Web Page Generation. Affected versions are Centreon Infra Monitoring 23.10.0–23.10.28, 24.04.0–24.04.18, and 24.10.0–24.10.13...

CVSS 6.8, AI score 5.6, EPSS 0.0002
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2025/10/14 2:54 p.m., 1 views

CVE-2025-54889 A user with elevated privileges can inject XSS in the SNMP traps manufacturer configuration page

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring SNMP traps manufacturer configuration modules allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13...

CVSS 6.8, AI score 5.1, EPSS 0.0002
Exploits: 0, References: 2
CVE
added 2025/10/14 2:22 p.m., 10 views

CVE-2025-8428

CVE-2025-8428 is a Stored XSS in Centreon Infra Monitoring (HTTP Loader widget modules) caused by improper input neutralization during web page generation. The issue affects Centreon Infra Monitoring versions: 24.10.0–24.10.12, 24.04.0–24.04.17, and 23.10.0–23.10.27. Exploitation could allow an a...

CVSS 6.8, AI score 5.7, EPSS 0.0002
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2025/10/14 12:0 a.m., 1 views

Centreon Security Vulnerability

Centreon is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for resources such as networks, systems and applications. A security vulnerability exists in Centreon versions 24.10.0 through 24.10.13, 24.04.0 through 24.04.1...

CVSS 6.8, AI score 5.8, EPSS 0.0002
Exploits: 0, References: 3
CNNVD
added 2025/10/14 12:0 a.m., 1 views

Centreon Security Vulnerability

Centreon is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for resources such as networks, systems and applications. A security vulnerability exists in Centreon versions 24.10.0 through 24.10.13, 24.04.0 through 24.04.1...

CVSS 7.7, AI score 5.8, EPSS 0.0002
Exploits: 0, References: 3
CNNVD
added 2025/10/14 12:0 a.m., 1 views

Centreon Security Vulnerability

Centreon is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for resources such as networks, systems and applications. A security vulnerability exists in Centreon versions 24.10.0 through 24.10.13, 24.04.0 through 24.04.1...

CVSS 6.8, AI score 5.8, EPSS 0.0002
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-2782

Malicious code in bioql PyPI...

CVSS 7.8, AI score 6.9, EPSS 0.00125
Exploits: 0, References: 4
RedhatCVE
added 2025/08/24 7:26 p.m., 3 views

CVE-2025-4650

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command. This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...

CVSS 7.2, AI score 7.8, EPSS 0.00075
Exploits: 0, References: 1
NVD
added 2025/08/22 7:15 p.m., 2 views

CVE-2025-4650

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command. This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...

CVSS 7.2, EPSS 0.00075
Exploits: 0, References: 2
OSV
added 2025/08/22 6:56 p.m., 3 views

CVE-2025-6791 Second order SQL injection available to user with low privilege

In the monitoring event logs page, it is possible to alter the HTTP request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon web Monitoring event logs modules allows SQL Injection. This...

CVSS 8.8, AI score 7.3, EPSS 0.00047
Exploits: 0, References: 4
Vulnrichment
added 2025/08/22 6:50 p.m., 3 views

CVE-2025-4650 User with high privileges is able to introduce a SQLi using the Meta Service indicator page

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command. This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...

CVSS 7.2, AI score 7, EPSS 0.00075
Exploits: 0, References: 2
CVE
added 2025/08/22 6:50 p.m., 10 views

CVE-2025-4650

Centreon Web SQL Injection (CVE-2025-4650) affects Centreon Web via the Meta Service indicator page. The root cause is improper neutralization of special elements in an SQL command, enabling a high-privilege attacker to perform a SQLi without user interaction. Affected versions include web 23.10....

CVSS 7.2, AI score 7.1, EPSS 0.00075
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2025/08/22 12:0 a.m., 3 views

PT-2025-34480 · Web · Web

Name of the Vulnerable Software and Affected Versions: web versions 23.10.0 through 23.10.26; web versions 24.04.0 through 24.04.16; web versions 24.10.0 through 24.10.9. Description: A user with high privileges can inject SQL commands through the Meta Service indicator page due to improper...

CVSS 7.2, AI score 8, EPSS 0.00075
Exploits: 0, References: 6
vulnersOsv
added 2023/10/25 9:15 p.m., 4 views

adyanutils (>=0.4.0 <=0.8.6), apricot-server (>=0.0.6 <=0.1.1) +151 more potentially affected by CVE-2023-46137 via twisted (>=16.0.0 <=23.10.0)

twisted PYPI version =16.0.0, =0.4.0, =0.0.6, =0.2.0, =3.4.1, =1.5.0, =1.5.0, =0.2.0, =0.0.2, =3.9.2, =1.0.0, =1.1.0 and more Source cves: CVE-2023-46137 Source advisory: OSV:GHSA-XC8X-VP79-P3WM...

CVSS 5.3, AI score 6.4, EPSS 0.0074
Exploits: 1
CNNVD
added 2023/10/16 12:0 a.m., 2 views

LibreNMS SQL Injection Vulnerability

LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments and automatic updates. LibreNMS versions prior to 23.10.0 are vulnerable to a SQL injection vulnerability that...

CVSS 7.8, AI score 7.9, EPSS 0.00125
Exploits: 0, References: 3