52 matches found
CVE-2023-40314
Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer Meridian and Horizon installation instructions state that...
EUVD-2021-12791
Malware in sbrugna...
EUVD-2020-4225
Malware in sbrugna...
EUVD-2025-19232
Malicious code in bioql PyPI...
EUVD-2023-0658
Malicious code in bioql PyPI...
EUVD-2023-0739
Malicious code in bioql PyPI...
EUVD-2023-1053
Malicious code in bioql PyPI...
EUVD-2023-2949
Malicious code in bioql PyPI...
EUVD-2023-0684
Malicious code in bioql PyPI...
EUVD-2022-3490
Malicious code in bioql PyPI...
CVE-2025-53122
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in OpenNMS Horizon and Meridian applications allows SQL Injection. Users should upgrade to Meridian 2024.2.6 or newer, or Horizon 33.16 or newer. Meridian and Horizon installation instructions state...
CVE-2025-53122
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in OpenNMS Horizon and Meridian applications allows SQL Injection. Users should upgrade to Meridian 2024.2.6 or newer, or Horizon 33.16 or newer. Meridian and Horizon installation instructions state...
CVE-2025-53122
OpenNMS Horizon and Meridian are affected by CVE-2025-53122, a SQL Injection due to improper neutralization of special elements in SQL commands. The fix is upgrading to Meridian 2024.2.6+ or Horizon 33.16+ (as referenced in OpenNMS advisories). Affected products: OpenNMS Horizon and Meridian; roo...
CVE-2025-53122 SQLi in OpenNMS Horizon and Meridian
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in OpenNMS Horizon and Meridian applications allows SQL Injection. Users should upgrade to Meridian 2024.2.6 or newer, or Horizon 33.16 or newer. Meridian and Horizon installation instructions state...
CVE-2025-53121
Multiple stored XSS were found on different nodes with unsanitized parameters in OpenMNS Horizon 33.0.8 and versions earlier than 33.1.6 on multiple platforms that allow an attacker to store on database and then inject HTML and/or Javascript on the page. The solution is to upgrade to Horizon...
PT-2025-27011 · Opennms · Opennms Meridian +1
Name of the Vulnerable Software and Affected Versions: OpenNMS Meridian versions prior to 2024.2.6 OpenNMS Horizon versions prior to 33.16 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for...
CVE-2023-0867
Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horiz...
CVE-2021-25930
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection, and...
PT-2023-27377 · Opennms · Opennms Horizon +1
Name of the Vulnerable Software and Affected Versions: OpenNMS Meridian versions prior to 2023.1.9 OpenNMS Horizon versions prior to 32.0.5 Description: Cross-site scripting in bootstrap.jsp allows an attacker access to confidential session information. The installation instructions for Meridian...
PT-2023-27376 · Opennms · Opennms Meridian +1
Name of the Vulnerable Software and Affected Versions: OpenNMS Horizon versions prior to 32.0.2 OpenNMS Meridian versions prior to 2023.1.6 OpenNMS Meridian versions prior to 2022.1.19 OpenNMS Meridian versions prior to 2021.1.30 OpenNMS Meridian versions prior to 2020.1.38 Description: A BeanShe...