27 matches found
CVE-2025-27377 Missing Validation of Self-Signed Certificates in Altium Designer Allows Man-in-the-Middle Attacks
Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle (MITM) attack could exploit this issue to intercept or manipulate network traffic, potentially exposing authentication credentials or sensiti...
Altium Designer security vulnerabilities
Altium Designer is electronic design automation software developed by Altium Corporation in the United States. Version 24.9.0 of Altium Designer contains a security vulnerability. This vulnerability stems from the failure to validate self-signed server certificates for cloud connections, which may lead to...
PT-2026-3884
Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle (MITM) attack could exploit this issue to intercept or manipulate network traffic, potentially exposing authentication credentials or sensiti...
com.vaadin:vaadin (>=24.9.0 <=24.9.17) potentially affected by CVE-2025-15022 via com.vaadin:vaadin-spreadsheet-flow (>=24.9.0 <=24.9.6)
com.vaadin:vaadin-spreadsheet-flow MAVEN version =24.9.0, =24.9.0, =24.9.17 Source cves: CVE-2025-15022 Source advisory: OSV:GHSA-7WWV-79XW-RVVG...
com.vaadin:vaadin (>=24.9.0 <=24.9.17) potentially affected by CVE-2025-15022 via com.vaadin:vaadin-spreadsheet-flow (>=24.9.0 <=24.9.5)
com.vaadin:vaadin-spreadsheet-flow MAVEN version =24.9.0, =24.9.0, =24.9.17 Source cves: CVE-2025-15022 Source advisory: SNYK:JAVA-COMVAADIN-14860869...
CVE-2024-45606
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a known rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we...
PT-2024-35746 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: LibreNMS versions 24.9.0 through 24.10.0 Description: A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the...
CVE-2024-47527
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname") parameter. This vulnerability can lead to t...
CVE-2024-47523
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section which contains multiple fields depending on which...
CVE-2024-47524 LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A user with the Admin role can create a Device Group. The application did not properly sanitize the user input in the Device Group name; when a user views the details of the Device Group, if JavaScript code is inside the name of...
CVE-2024-47525 Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-alert-rules.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious...
CVE-2024-47525
CVE-2024-47525 is a Stored XSS in LibreNMS affecting the Alert Rules feature, where input in the Title field may inject arbitrary JavaScript. The root cause is inadequate sanitization of the rule title in the server-side rendering path (print-alert-rules.php). Impact described across sources incl...
CVE-2024-47527
Summary (CVE-2024-47527, LibreNMS) A Stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS, affecting the Device Dependencies feature. The flaw allows an authenticated user to inject arbitrary JavaScript via the device hostname parameter, which can execute in other users’ sessions, p...
CVE-2024-47527 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device-dependencies.inc.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname") parameter. This vulnerability can lead to t...
CVE-2024-47528 LibreNMS Contains a Stored XSS via File Upload
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with the "admin" role can set the background for a custom map; this allows the upload of an SVG file that can contain an XSS payload...
PT-2024-32639 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.9.0 Description: The application fails to properly sanitize user input in the Device Groups name, allowing an attacker to execute malicious JavaScript code when a user views the details of the Device Group. This...
PT-2024-7962 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.9.0 Description: A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This can lead to the execution of...