22 matches found
CVE-2026-52794
Sentry CVE-2026-52794 describes a ReDoS in the event ingestion pipeline affecting versions from 24.4.0 through 26.5.2, where a regex on attacker-controlled fields can cause excessive CPU time. The flaw has a CVSSv3.1 base score of 7.5 (High) with network attack vector and no privileges required. ...
CVE-2026-52794 Sentry: Inefficient Regular Expression Complexity in sentry
Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume...
EUVD-2024-1191
Malicious code in bioql PyPI...
EUVD-2024-1233
Malicious code in bioql PyPI...
EUVD-2024-1133
Malicious code in bioql PyPI...
CVE-2024-56324
GoCD is a continuous deliver server. GoCD versions prior to 24.4.0 can allow GoCD "group admins" to abuse ability to edit the raw XML configuration for groups they administer to trigger XML External Entity XXE injection on the GoCD server. Theoretically, the XXE vulnerability can result in...
CVE-2024-32479
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the Service template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability...
CVE-2024-32461
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an...
CVE-2024-32480
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The order parameter is obtained from $request. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resultin...
CVE-2024-32479
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the Service template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability...
CVE-2024-32480 LibreNMS's Time-Based Blind SQL injection leads to database extraction
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The order parameter is obtained from $request. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resultin...
CVE-2024-32480 LibreNMS's Time-Based Blind SQL injection leads to database extraction
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The order parameter is obtained from $request. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resultin...
CVE-2024-32480 LibreNMS's Time-Based Blind SQL injection leads to database extraction
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The order parameter is obtained from $request. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resultin...
CVE-2024-32479 LibreNMS's Improper Sanitization on Service template name leads to Stored XSS
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the Service template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability...
CVE-2024-32461 LibreNMS vulnerable to time-based SQL injection that leads to database extraction
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an...
PT-2024-24590
Name of the Vulnerable Software and Affected Versions LibreNMS versions prior to 24.4.0 Description A SQL injection vulnerability in the POST /search/search=packages endpoint in LibreNMS allows a user with global read privileges to execute SQL commands via the package parameter. This vulnerabilit...
LibreNMS 安全漏洞
LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments and automatic updates. A security vulnerability exists in LibreNMS versions prior to 24.4.0 that stems from the...
LibreNMS SQL注入漏洞
LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. A security vulnerability exists in LibreNMS versions prior to 24.4.0. An attacker...
PT-2024-24604 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.4.0 Description: The issue is related to a SQL injection vulnerability. The order parameter, obtained from $request, is directly incorporated into an SQL statement after a string check, resulting in the...
PT-2024-24602 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.4.0 Description: The issue is related to improper sanitization on the Service template name, which can lead to stored Cross-site Scripting. This can be exploited by modifying the template name with crafted...