CVE-2026-26988

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajaxtable.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically,...

CVE-2026-26988

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajaxtable.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically,...

CVE-2026-26988

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajaxtable.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically,...

CVE-2026-26988 LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajaxtable.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically,...

CVE-2026-26988 LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajaxtable.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically,...

CVE-2026-26988

CVE-2026-26988 affects LibreNMS (versions ≤ 25.12.0) via an SQL Injection in the IPv6 address search path of the ajax_table.php endpoint. The root cause is that the address parameter is split into an address and a prefix, and the prefix is directly concatenated into the SQL query without validati...

LibreNMS SQL注入漏洞

LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 25.12.0 have a SQL injection vulnerability. This vulnerabilit...

GHSA-79Q9-WC6P-CF92 LibreNMS has a Time-Based Blind SQL Injection in address-search.inc.php

Summary A time-based blind SQL injection vulnerability exists in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic...

LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream.

Summary SQL Injection in IPv6 Address Search functionality via address parameter A SQL injection vulnerability exists in the ajaxtable.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the address parameter is...

EUVD-2009-3105

Malware in sbrugna...

EUVD-2009-3104

Malware in sbrugna...

LibreNMS SQL Injection Vulnerability

LibreNMS is an open source network monitoring system based on PHP and MySQL. The system features customizable alerts , auto-discovery of the network environment and automatic updates . A SQL injection vulnerability exists in the html/ajaxtable.php file in LibreNMS 1.47 and earlier versions. A...

CVE-2009-3122

The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors...

CVE-2009-3121

Cross-site scripting XSS vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-3122

The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors...

CVE-2009-3122

The CVE-2009-3122 entry concerns the Ajax Table module 5.x for Drupal, which does not perform access control. This unspecified-vectors flaw allows remote attackers to delete arbitrary users and nodes. The description confirms the vulnerable component and the impact (unauthorized deletion) but pro...

CVE-2009-3121

Cross-site scripting XSS vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-3121

The CVE-2009-3121 entry describes a cross-site scripting (XSS) vulnerability in the Drupal Ajax Table module 5.x. The affected component is the Ajax Table module (Drupal) version 5.x; the root cause is not detailed beyond generic XSS in the module. Impact is described as allowing remote attackers...

SA-CONTRIB-2009-053 - Ajax Table - Multiple vulnerabilities

The Ajax Table module allows one to create AJAX-refreshable tables by supplying a few parameters. Access bypass The module lacks access checks, which makes it possible for any user to delete arbitrary users and nodes. The module contains a number of security issues. Cross site scripting The modul...