15 matches found
EUVD-2025-22384
Malicious code in bioql PyPI...
CVE-2025-54138 LibreNMS has Authenticated Local File Inclusion in ajax_form.php that Allows RCE
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. LibreNMS versions 25.6.0 and below contain an architectural vulnerability in the ajaxform.php endpoint that permits Remote File Inclusion base...
CVE-2025-54138 LibreNMS has Authenticated Local File Inclusion in ajax_form.php that Allows RCE
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. LibreNMS versions 25.6.0 and below contain an architectural vulnerability in the ajaxform.php endpoint that permits Remote File Inclusion base...
CVE-2025-54138
CVE-2025-54138 affects LibreNMS 25.6.0 and earlier. The vulnerability is an architectural Remote File Inclusion in the ajax_form.php endpoint: user-controlled POST input (type) causes inclusion of includes/html/forms/{type}.inc.php, enabling a potential Remote Code Execution if an attacker can st...
LibreNMS Security Vulnerability
LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. A security vulnerability exists in LibreNMS 25.6.0 and prior versions, which stems from...
LibreNMS has Authenticated Remote File Inclusion in ajax_form.php that Allows RCE
LibreNMS 25.6.0 contains an architectural vulnerability in the ajaxform.php endpoint that permits Remote File Inclusion based on user-controlled POST input. The application directly uses the type parameter to dynamically include .inc.php files from the trusted path includes/html/forms/, without...
Stored Cross-site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to insufficient input sanitization of the descr parameter in /ajaxform.php, which allows malicious scripts to be injected and stored in the system...
GHSA-G5R6-VRMX-9GWJ LibreNMS SQL Injection vulnerability
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php deviceid POST parameter to ajaxform.php...
LibreNMS SQL Injection vulnerability
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php deviceid POST parameter to ajaxform.php...
GHSA-9M82-F3WX-P625 LibreNMS XSS Vulnerability
Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboardname parameter in the /ajaxform.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and...
CVE-2020-15873
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php deviceid POST parameter to ajaxform.php...
Sql injection
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php deviceid POST parameter to ajaxform.php...
Cross-Site Scripting (XSS)
LibreNMS is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript and HTML into a victim's browser through the dashboardname parameter in ajaxform.php...
CVE-2018-18478
Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboardname parameter in the /ajaxform.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and...
Cross site scripting
Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboardname parameter in the /ajaxform.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and...