1187 matches found
GHSA-5GM9-622F-QCG5 LibreNMS: Cross-Site Scripting in ShowConfigController
Summary A Stored Cross-Site Scripting XSS vulnerability exists in the ShowConfig page of devices affected by the RANCID Integration settings. The application fails to properly sanitise the rancidrepourl configuration value. When a user navigates to a device's configuration page, this unsanitised...
LibreNMS: Cross-Site Scripting in ShowConfigController
Summary A Stored Cross-Site Scripting XSS vulnerability exists in the ShowConfig page of devices affected by the RANCID Integration settings. The application fails to properly sanitise the rancidrepourl configuration value. When a user navigates to a device's configuration page, this unsanitised...
EUVD-2026-21907
LibreNMS: Cross-Site Scripting in ShowConfigController...
CVE-2024-51092
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index, SettingsController.php's update, and PollDevice.php's initRrdDirectory...
CVE-2024-51092
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index, SettingsController.php's update, and PollDevice.php's initRrdDirectory...
CVE-2024-51092
CVE-2024-51092 affects LibreNMS prior to 24.10.0 and allows an authenticated attacker to achieve arbitrary code execution via OS command injection. The root causes are: (1) AboutController.php index() returning a value from shell_exec(); (2) SettingsController.php update() validating and persisti...
CVE-2024-51092
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index, SettingsController.php's update, and PollDevice.php's initRrdDirectory...
CVE-2024-51092
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index, SettingsController.php's update, and PollDevice.php's initRrdDirectory...
LibreNMS: Cross-Site Scripting In ShowConfigController
Summary A Stored Cross-Site Scripting XSS vulnerability exists in the ShowConfig page of devices affected by the RANCID Integration settings. The application fails to properly sanitise the "rancidrepourl" configuration value. When a user navigates to a device's configuration page, this unsanitise...
Remote Code Execution (RCE)
LibreNMS is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of Binary Locations configuration and the Netcommand feature, which allows an attacker with administrative privileges to execute arbitrary commands on the server...
CVE-2026-30480
A Local File Inclusion LFI vulnerability in the NFSen module nfsen.inc.php of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter...
EUVD-2026-22251
A Local File Inclusion LFI vulnerability in the NFSen module nfsen.inc.php of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter...
CVE-2026-30480
A Local File Inclusion LFI vulnerability in the NFSen module nfsen.inc.php of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter...
CVE-2026-30480
A Local File Inclusion LFI vulnerability in the NFSen module nfsen.inc.php of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter...
CVE-2026-30480
CVE-2026-30480 – LibreNMS NFSen LFI via nfsen parameter involves an authenticated Local File Inclusion in the NFSen module (includes/html/pages/device/nfsen/nfsen.inc.php). The root cause is unsafely concatenating user input (vars['nfsen']) into a file path without proper sanitization; an attacke...
CVE-2026-30480
A Local File Inclusion LFI vulnerability in the NFSen module nfsen.inc.php of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter...
LibreNMS 安全漏洞
LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Version LibreNMS 22.11.0-23-gd091788f2 contains security vulnerabilities. These...
PT-2026-32629
Name of the Vulnerable Software and Affected Versions LibreNMS version 22.11.0-23-gd091788f2 Description A Local File Inclusion LFI issue exists in the NFSen module nfsen.inc.php. This occurs due to improper restriction of the directory path name when processing the nfsen parameter. An...
CVE-2026-30480
A Local File Inclusion LFI vulnerability in the NFSen module nfsen.inc.php of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter...
GHSA-7549-GGPQ-22W8 Duplicate Advisory: LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pr3g-phhr-h8fh. This link is maintained to preserve external references. Original Description LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing...