Lucene search
K

7 matches found

NVD
NVD
added 2026/02/20 2:16 a.m.10 views

CVE-2026-27016

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks striptags sanitization while other fields name, oid, datatype are sanitized. The...

5.4CVSS0.00227EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/20 1:34 a.m.32 views

CVE-2026-27016 LibreNMS has Stored XSS in Custom OID - unit parameter missing strip_tags()

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks striptags sanitization while other fields name, oid, datatype are sanitized. The...

5.4CVSS0.00227EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/14 12:0 a.m.6 views

Centreon 安全漏洞

Centreon is a set of open source system monitoring tools from the French company Centreon . The product provides monitoring capabilities for resources such as networks, systems and applications. A security vulnerability exists in Centreon versions 24.10.0 through 24.10.13, 24.04.0 through 24.04.1...

6.8CVSS5.8AI score0.00235EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/24 7:26 p.m.5 views

CVE-2025-4650

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...

7.2CVSS7.8AI score0.00381EPSS
Exploits0References1
OSV
OSV
added 2025/08/22 6:56 p.m.7 views

CVE-2025-6791 Second order SQL injection available to user with low privilege

In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon web Monitoring event logs modules allows SQL Injection.This...

8.8CVSS7.3AI score0.00308EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/22 6:50 p.m.4 views

CVE-2025-4650 User with high privileges is able to introduce a SQLi using the Meta Service indicator page

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command.This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...

7.2CVSS7AI score0.00381EPSS
Exploits0References2
CVE
CVE
added 2025/08/22 6:50 p.m.16 views

CVE-2025-4650

Centreon Web SQL Injection (CVE-2025-4650) affects Centreon Web via the Meta Service indicator page. The root cause is improper neutralization of special elements in an SQL command, enabling a high-privilege attacker to perform a SQLi without user interaction. Affected versions include web 23.10....

7.2CVSS7.1AI score0.00381EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder