CVE-2026-26990
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly int...
CVE-2026-26990 LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly int...
CVE-2026-26990
Summary: CVE-2026-26990 affects LibreNMS versions 25.12.0 and below, with a Time-Based Blind SQL Injection in the address-search.inc.php component via the address parameter. The issue arises when a crafted subnet prefix is supplied, causing the prefix value to be concatenated into SQL without pro...
CVE-2021-35402
PROLiNK PRC2402M 20190909 before 2021-06-13 allows liveapi.cgi?page=satellitelist OS command injection via shell metacharacters in the ip parameter for satellitestatus...
LibreNMS SQL Injection Vulnerability
LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 25.12.0 have a SQL injection vulnerability, which stems from...
CVE-2021-35402
CVE-2021-35402 affects PROLiNK PRC2402M firmware prior to 2021-06-13. The issue is an OS command injection in live_api.cgi when handling page=satellite_list (satellite_status) via the ip parameter, caused by shell metacharacters in user input. Impact is arbitrary command execution on vulnerable d...
CVE-2019-25408
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmaskaddr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmaskaddr...
PT-2026-20811
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmask addr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmask addr...
GHSA-79Q9-WC6P-CF92 LibreNMS has a Time-Based Blind SQL Injection in address-search.inc.php
Summary A time-based blind SQL injection vulnerability exists in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic...
SQL Injection
Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to SQL Injection via the address parameter in the address-search.inc.php process. An authenticated attacker can extract...
LibreNMS has a Time-Based Blind SQL Injection in address-search.inc.php
Summary A time-based blind SQL injection vulnerability exists in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic...
SQL Injection
Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to SQL Injection via the address parameter in the IPv6 address search process. An attacker can execute arbitrary SQL...
LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream.
Summary SQL Injection in IPv6 Address Search functionality via address parameter A SQL injection vulnerability exists in the ajaxtable.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the address parameter is...
PT-2026-20905
Name of the Vulnerable Software and Affected Versions LibreNMS versions 25.12.0 and below Description LibreNMS is a network monitoring tool. A Time-Based Blind SQL Injection exists in the address-search.inc.php file via the address parameter. Supplying a crafted subnet prefix allows manipulation ...
CVE-2026-2530
A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command injection. The attack can be carried out remotely. The exploit has been made available to th...
GeekAI Code Issue Vulnerability
GeekAI is a large language model assistant developed by GeekMaser’s individual developers. Versions of GeekAI 4.2.4 and earlier contained code vulnerabilities. These vulnerabilities stemmed from improper handling of the url parameter in the Download function within the...
PT-2026-8374
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. Attackers can send POST requests to the iptools.cgi endpoint with script payloads in the IP...
CVE-2025-67186
TOTOLINK A950RG V4.1.2cu.5204B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cstemodules/firewall.so. The vulnerability occurs because the url parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow,...
WordPress SEO Plugin by Squirrly SEO plugin <= 12.3.19 - Authenticated (Contributor+) SQL Injection via url Parameter vulnerability
Authenticated Contributor+ SQL Injection via url Parameter vulnerability discovered by bart in WordPress Plugin SEO Plugin by Squirrly SEO versions <= 12.3.19...
VulnCheck KEV: CVE-2025-44846
TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...