Lucene search
K

63 matches found

NVD
NVD
added 2026/06/29 6:16 p.m.10 views

CVE-2026-57956

SigNoz through 0.130.1 contains a broken access control vulnerability that allows authenticated users to access other organizations' alert rules by supplying a target rule UUID, as the alert rule store predicates fail to filter by organization ID. Attackers can read, edit, and delete alert rules...

6.4CVSS0.00177EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 5:22 p.m.3 views

CVE-2026-57956 SigNoz 0.130.1 - Cross-Organization Insecure Direct Object Reference in Alert Rules

SigNoz through 0.130.1 contains a broken access control vulnerability that allows authenticated users to access other organizations' alert rules by supplying a target rule UUID, as the alert rule store predicates fail to filter by organization ID. Attackers can read, edit, and delete alert rules...

6.1CVSS6AI score0.00177EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 5:22 p.m.9 views

EUVD-2026-40141

SigNoz through 0.130.1 contains a broken access control vulnerability that allows authenticated users to access other organizations' alert rules by supplying a target rule UUID, as the alert rule store predicates fail to filter by organization ID. Attackers can read, edit, and delete alert rules...

6.4CVSS5.8AI score0.00177EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 5:22 p.m.36 views

CVE-2026-57956 SigNoz 0.130.1 - Cross-Organization Insecure Direct Object Reference in Alert Rules

SigNoz through 0.130.1 contains a broken access control vulnerability that allows authenticated users to access other organizations' alert rules by supplying a target rule UUID, as the alert rule store predicates fail to filter by organization ID. Attackers can read, edit, and delete alert rules...

6.4CVSS0.00177EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/29 5:22 p.m.7 views

CVE-2026-57956 SigNoz 0.130.1 - Cross-Organization Insecure Direct Object Reference in Alert Rules

SigNoz through 0.130.1 contains a broken access control vulnerability that allows authenticated users to access other organizations' alert rules by supplying a target rule UUID, as the alert rule store predicates fail to filter by organization ID. Attackers can read, edit, and delete alert rules...

6.4CVSS5.8AI score0.00177EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 5:22 p.m.27 views

CVE-2026-57956

SigNoz

6.4CVSS5.8AI score0.00177EPSS
Exploits0References2
Veracode
Veracode
added 2026/03/17 9:24 a.m.10 views

Stored Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of the alert rule name in the Alert Rule API, which allows an attacker to inject malicious HTML code when creating or updating alert rules via the API...

5.4CVSS5.9AI score0.03417EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/21 1:30 a.m.6 views

CVE-2026-26989

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting XSS vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser...

4.8CVSS5.5AI score0.00238EPSS
Exploits1References1
NVD
NVD
added 2026/02/20 2:16 a.m.13 views

CVE-2026-26989

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting XSS vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser...

4.8CVSS0.00238EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/20 1:25 a.m.33 views

CVE-2026-26989 LibreNMS has Stored XSS in Alert Rule

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting XSS vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser...

4.3CVSS0.00238EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/20 1:25 a.m.4 views

CVE-2026-26989 LibreNMS has Stored XSS in Alert Rule

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting XSS vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser...

4.3CVSS5.6AI score0.00238EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/20 1:25 a.m.9 views

CVE-2026-26989

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting XSS vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser...

4.3CVSS5.6AI score0.00238EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/02/20 1:25 a.m.25 views

CVE-2026-26989

LibreNMS contains a Stored XSS in the Alert Rules workflow in versions 25.12.0 and earlier, due to vulnerable code in alert_rule_list.inc.php. The underlying issue is that admin users can inject scripts that execute in other users’ browsers when viewing the Alert Rules page. Impact is limited to ...

4.8CVSS5.6AI score0.00238EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/20 1:25 a.m.9 views

CVE-2026-26989 LibreNMS has Stored XSS in Alert Rule

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting XSS vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser...

4.3CVSS5.5AI score0.00238EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.12 views

LibreNMS 跨站脚本漏洞

LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 25.12.0 contained a cross-site scripting vulnerability. This...

4.8CVSS5.7AI score0.00238EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.18 views

PT-2026-20904

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting XSS vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser...

4.3CVSS5.6AI score0.00238EPSS
Exploits1References6
OSV
OSV
added 2026/02/18 10:30 p.m.7 views

GHSA-6XMX-XR9P-58P7 LibreNMS has a Stored XSS in Alert Rule

Summary A stored Cross-Site Scripting XSS vulnerability exists in LibreNMS " . e$ruledisplay . " PoC Request PoC: POST /alert-rule HTTP/1.1 Host: 192.168.236.131 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:140.0 Gecko/20100101 Firefox/140.0 Accept: application/json, text/javascript, /; q=0.01...

4.3CVSS5.5AI score0.00238EPSS
Exploits1References6
Snyk
Snyk
added 2026/02/18 10:30 p.m.8 views

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the alertrulelist.inc.php process. An attacker can execute arbitrary JavaScript code in...

4.8CVSS5.7AI score0.00238EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/02/18 10:30 p.m.9 views

LibreNMS has a Stored XSS in Alert Rule

Summary A stored Cross-Site Scripting XSS vulnerability exists in LibreNMS " . e$ruledisplay . " PoC Request PoC: POST /alert-rule HTTP/1.1 Host: 192.168.236.131 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:140.0 Gecko/20100101 Firefox/140.0 Accept: application/json, text/javascript, /; q=0.01...

4.8CVSS5.5AI score0.00238EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/24 12:48 a.m.14 views

CVE-2025-68614

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject...

5.4CVSS6.3AI score0.03417EPSS
Exploits1References1
Rows per page
Query Builder