CVE-2023-40314

Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer Meridian and Horizon installation instructions state that...

CVE-2023-40312

Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to craft a malicious XSS payload. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30...

EUVD-2021-1120

Malware in sbrugna...

EUVD-2021-12791

Malware in sbrugna...

EUVD-2021-1144

Malware in sbrugna...

EUVD-2020-4225

Malware in sbrugna...

EUVD-2021-1118

Malware in sbrugna...

EUVD-2023-0739

Malicious code in bioql PyPI...

EUVD-2023-0658

Malicious code in bioql PyPI...

EUVD-2025-19232

Malicious code in bioql PyPI...

EUVD-2023-2949

Malicious code in bioql PyPI...

EUVD-2023-1053

Malicious code in bioql PyPI...

EUVD-2023-0684

Malicious code in bioql PyPI...

CVE-2025-53122

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in OpenNMS Horizon and Meridian applications allows SQL Injection. Users should upgrade to Meridian 2024.2.6 or newer, or Horizon 33.16 or newer. Meridian and Horizon installation instructions state...

CVE-2025-53122

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in OpenNMS Horizon and Meridian applications allows SQL Injection. Users should upgrade to Meridian 2024.2.6 or newer, or Horizon 33.16 or newer. Meridian and Horizon installation instructions state...

CVE-2025-53122

OpenNMS Horizon and Meridian are affected by CVE-2025-53122, a SQL Injection due to improper neutralization of special elements in SQL commands. The fix is upgrading to Meridian 2024.2.6+ or Horizon 33.16+ (as referenced in OpenNMS advisories). Affected products: OpenNMS Horizon and Meridian; roo...

CVE-2025-53122 SQLi in OpenNMS Horizon and Meridian

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in OpenNMS Horizon and Meridian applications allows SQL Injection. Users should upgrade to Meridian 2024.2.6 or newer, or Horizon 33.16 or newer. Meridian and Horizon installation instructions state...

CVE-2025-53121

Multiple stored XSS were found on different nodes with unsanitized parameters in OpenMNS Horizon 33.0.8 and versions earlier than 33.1.6 on multiple platforms that allow an attacker to store on database and then inject HTML and/or Javascript on the page. The solution is to upgrade to Horizon...

OpenNMS Horizon 安全漏洞

OpenNMS Horizon is an open source solution from OpenNMS, Inc. that helps you visualize and monitor everything on your local and remote networks. A security vulnerability exists in OpenNMS Horizon that stems from improper neutralization of special elements in SQL commands, which could lead to SQL...

OpenNMS Horizon 安全漏洞

OpenNMS Horizon is an open source solution from OpenNMS, Inc. that helps you visualize and monitor everything on your local and remote networks. A security vulnerability exists in OpenNMS Horizon version 33.0.8 and versions prior to 33.1.6 that stems from a stored cross-site scripting vulnerabili...