LibreNMS Alert Rule API Cross-Site Scripting Vulnerability

Please find POC file here https://trendmicro-my.sharepoint.com/:u:/p/kholoudaltookhy/IQCfcnOE5ykQSb6Fm-HFI872AZzeIJxU-3aDk0jheXNE?e=zkN76d ZDI-CAN-28575: LibreNMS Alert Rule API Cross-Site Scripting Vulnerability -- CVSS ----------------------------------------- 4.3:...

GHSA-C89F-8G7G-59WJ LibreNMS Alert Rule API Cross-Site Scripting Vulnerability

Please find POC file here https://trendmicro-my.sharepoint.com/:u:/p/kholoudaltookhy/IQCfcnOE5ykQSb6Fm-HFI872AZzeIJxU-3aDk0jheXNE?e=zkN76d ZDI-CAN-28575: LibreNMS Alert Rule API Cross-Site Scripting Vulnerability -- CVSS ----------------------------------------- 4.3:...

CVE-2025-14000

creationtimestamp| type| source ---|---|--- 2025-12-23 13:09:28+00:00| seen| https://gist.github.com/Darkcrai86/38b88dd0bbe8f31b6abf8de4001a191e 2025-12-23 13:34:33+00:00| seen| https://gist.github.com/Darkcrai86/319741ab43d82cddfa549145e264c93b...

Assessing SIEM effectiveness

A SIEM is a complex system offering broad and flexible threat detection capabilities. Due to its complexity, its effectiveness heavily depends on how it is configured and what data sources are connected to it. A one-time SIEM setup during implementation is not enough: both the organization's...

MAL-2025-192877 Malicious code in tdm-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8968a0a78c56b7d557376180f0c517c04d41f0d5679431744489211dd82d4aae The package tdm-react was found to contain malicious code. Source: ossf-package-analysis...

MAL-2025-192866 Malicious code in sturdyfetch15 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8efa01bf8ae7c64fda2970ecad836d73ed8625102c4a109ea1bff1e09c785057 The package sturdyfetch15 was found to contain malicious code...

MAL-2025-192857 Malicious code in redux-motion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f2c75a688e2b889d1874da5d154e572f644290f2064d724629c36f7f396d43e The package redux-motion was found to contain malicious code...

Malicious code in react-resizable-text (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b791a5578b446e5de9303b32ba8d60c1a02675d40f4fea3db73997d2de3759e5 The package react-resizable-text was found to contain malicious code...

MAL-2025-192836 Malicious code in node-calculator-98ba (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97066fa13c451f8e27d4a140e49f882ea4d259609ae539e005a948e06e36268c The package node-calculator-98ba was found to contain malicious code...

MAL-2025-192828 Malicious code in node-calculator-2eb4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e571a443d6fe04b41f5a714fb830514677b55d53d42bac0260f312e4a8b72b6f The package node-calculator-2eb4 was found to contain malicious code...

MAL-2025-192799 Malicious code in gibertserct15 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0dcf1ea6477d7bbd80b0e598d5b8fd059b9f00222e393308e69c08489e29e985 The package gibertserct15 was found to contain malicious code...

MAL-2025-192782 Malicious code in elf-stats-shimmering-fir-491 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 814231062345096048a888507b3b8a1c4a5596764e33310ecc94a6b441ec6543 The package elf-stats-shimmering-fir-491 was found to contain malicious code...

Malicious code in elf-stats-glittering-cookie-844 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35d3fbb5614bda10029530cf75770c8dbd32439a26872c6f095c738d2ab33b21 The package elf-stats-glittering-cookie-844 was found to contain malicious code...

Malicious code in bootstrap-setflexcolor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90557c8cf061fb243537b42df1c27af4fc410d5a3bbeb6df2346720058fa9d4f The package bootstrap-setflexcolor was found to contain malicious code...

EUVD-2025-204937

Malicious code in bootstrap-setcolor npm...

EUVD-2025-204941

Malicious code in auth-handler npm...

MAL-2025-192712 Malicious code in auth-handler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79d1be042f1565157d9c5e97b927919aa32bedb254b501aa374caf00c242ee83 The package auth-handler was found to contain malicious code...

CVE-2025-15012

creationtimestamp| type| source ---|---|--- 2025-12-23 04:48:07+00:00| seen| https://infosec.exchange/users/vuldb/statuses/115767069049209533...

CVE-2025-68614

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject...

LibreNMS Alert Rule API Cross-Site Scripting Vulnerability

This vulnerability allows remote attackers to execute arbitrary script on affected installations of LibreNMS. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the name parameter provided to the rules endpoint. The issue results from the lac...