LibreNMS 跨站脚本漏洞

LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. A cross-site scripting vulnerability exists in LibreNMS versions prior to 25.12.0, which...

CVE-2025-68614 LibreNMS Alert Rule API Cross-Site Scripting Vulnerability

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject...

CVE-2025-68614 LibreNMS Alert Rule API Cross-Site Scripting Vulnerability

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject...

CVE-2025-68614

Summary: CVE-2025-68614 affects LibreNMS prior to 25.12.0, where the Alert Rule API is vulnerable to stored cross-site scripting. The root cause is insufficient sanitization of the alert rule name when creating/updating rules via the API, allowing injected HTML that can be rendered in the Alerts ...

CVE-2025-68614 LibreNMS Alert Rule API Cross-Site Scripting Vulnerability

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject...

EUVD-2025-204767

Malicious code in dc-extras npm...

Malicious code in mw-frontend-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9706fc1838aa618d5cc4b64d3b1ce78e464ba761a9762bf1c3a39cdc44fda577 The package mw-frontend-utils was found to contain malicious code. Source: ghsa-malware...

MAL-2025-192696 Malicious code in mui-wrapper-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 990f5534f23c3e77faec1b92be83c7827d3136d03abcfefd245b8fa4f987bd52 The package mui-wrapper-core was found to contain malicious code. Source: ghsa-malware ba2ba20b7b8b4a7fae1afa52854fe8be2f326067033269e32445cd20cbad44...

EUVD-2025-204715

Malicious code in utif-updated npm...

PT-2025-52726

Name of the Vulnerable Software and Affected Versions LibreNMS versions prior to 25.12.0 Description LibreNMS, an auto-discovering PHP/MySQL/SNMP based network monitoring tool, contains a stored cross-site scripting issue in the Alert Rule API. The alert rule name is not properly sanitized,...

CVE-2025-14992

creationtimestamp| type| source ---|---|--- 2025-12-21 07:05:48+00:00| seen| https://infosec.exchange/users/offseq/statuses/115756285723242241 2025-12-21 07:05:59+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mai5seglda2g 2025-12-22 04:06:09+00:00| seen|...

EUVD-2025-204555

Malicious code in adel-xnetgpt npm...

CVE-2025-65000

SSH private keys of the "Remote alert handlers Linux" rule were exposed in the rule page's HTML source in Checkmk = 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed...

BELL-CVE-2025-68177

Bulletin has no description...

Linux Distros Unpatched Vulnerability : CVE-2025-65000

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SSH private keys of the Remote alert handlers Linux rule were exposed in the rule page's HTML source in Checkmk = 2.4.0p18 and all versions of Checkmk 2.3.0. Th...

CVE-2025-65000

SSH private keys of the "Remote alert handlers Linux" rule were exposed in the rule page's HTML source in Checkmk = 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed...

CVE-2025-65000

SSH private keys of the "Remote alert handlers Linux" rule were exposed in the rule page's HTML source in Checkmk = 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed...

CVE-2025-65000

SSH private keys of the "Remote alert handlers Linux" rule were exposed in the rule page's HTML source in Checkmk = 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed...

UBUNTU-CVE-2025-65000

SSH private keys of the "Remote alert handlers Linux" rule were exposed in the rule page's HTML source in Checkmk = 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed...

CVE-2025-65000

CVE-2025-65000 affects Checkmk (Linux Remote alert handlers rule). SSH private keys were exposed in the HTML source of the rule page for Checkmk 2.3.0 and all versions up to 2.4.0p18, potentially allowing unauthorized triggering of predefined alert handlers on affected hosts. The Red Hat, NVD, Ub...