Lucene search
+L

1207 matches found

Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.11 views

PT-2026-20981

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0...

5.3CVSS5.4AI score0.00291EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.12 views

LibreNMS 跨站脚本漏洞

LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 25.12.0 contained a cross-site scripting vulnerability. This...

4.8CVSS5.7AI score0.00238EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.8 views

LibreNMS SQL注入漏洞

LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 25.12.0 have a SQL injection vulnerability, which stems from...

8.8CVSS5.9AI score0.04054EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.30 views

LibreNMS 跨站脚本漏洞

LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 26.1.1 contained a cross-site scripting vulnerability. This...

5.1CVSS5.7AI score0.00216EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.18 views

PT-2026-20904

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting XSS vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser...

4.3CVSS5.6AI score0.00238EPSS
Exploits1References6
Snyk
Snyk
added 2026/02/18 10:31 p.m.7 views

SQL Injection

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to SQL Injection via the address parameter in the address-search.inc.php process. An authenticated attacker can extract...

8.8CVSS6AI score0.04054EPSS
Exploits1References2
OSV
OSV
added 2026/02/18 10:31 p.m.17 views

GHSA-79Q9-WC6P-CF92 LibreNMS has a Time-Based Blind SQL Injection in address-search.inc.php

Summary A time-based blind SQL injection vulnerability exists in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic...

8.8CVSS6AI score0.04054EPSS
Exploits1References4
Snyk
Snyk
added 2026/02/18 10:30 p.m.8 views

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the alertrulelist.inc.php process. An attacker can execute arbitrary JavaScript code in...

4.8CVSS5.7AI score0.00238EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/02/18 10:30 p.m.9 views

LibreNMS has a Stored XSS in Alert Rule

Summary A stored Cross-Site Scripting XSS vulnerability exists in LibreNMS " . e$ruledisplay . " PoC Request PoC: POST /alert-rule HTTP/1.1 Host: 192.168.236.131 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:140.0 Gecko/20100101 Firefox/140.0 Accept: application/json, text/javascript, /; q=0.01...

4.8CVSS5.5AI score0.00238EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/02/18 10:30 p.m.7 views

GHSA-6XMX-XR9P-58P7 LibreNMS has a Stored XSS in Alert Rule

Summary A stored Cross-Site Scripting XSS vulnerability exists in LibreNMS " . e$ruledisplay . " PoC Request PoC: POST /alert-rule HTTP/1.1 Host: 192.168.236.131 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:140.0 Gecko/20100101 Firefox/140.0 Accept: application/json, text/javascript, /; q=0.01...

4.3CVSS5.5AI score0.00238EPSS
Exploits1References6
OSV
OSV
added 2026/02/18 10:30 p.m.5 views

GHSA-H3RV-Q4RQ-PQCV LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream.

Summary SQL Injection in IPv6 Address Search functionality via address parameter A SQL injection vulnerability exists in the ajaxtable.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the address parameter is...

9.3CVSS6.6AI score0.0744EPSS
Exploits2References4
Snyk
Snyk
added 2026/02/18 10:30 p.m.5 views

SQL Injection

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to SQL Injection via the address parameter in the IPv6 address search process. An attacker can execute arbitrary SQL...

9.3CVSS6.4AI score0.0744EPSS
Exploits2References2
OSV
OSV
added 2026/02/18 10:8 p.m.5 views

GHSA-FQX6-693C-F55G LibreNMS has a Stored XSS in Custom OID - unit parameter missing strip_tags()

Summary The unit parameter in Custom OID functionality lacks striptags sanitization while other fields name, oid, datatype are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping, allowing Stored XSS. Details Vulnerable Input Processing...

5.4CVSS5.4AI score0.00227EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/18 10:8 p.m.13 views

LibreNMS has a Stored XSS in Custom OID - unit parameter missing strip_tags()

Summary The unit parameter in Custom OID functionality lacks striptags sanitization while other fields name, oid, datatype are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping, allowing Stored XSS. Details Vulnerable Input Processing...

5.4CVSS5.4AI score0.00227EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/02/18 10:7 p.m.5 views

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the name parameter in the HTTP POST request to /port-groups. An attacker with admin...

5.4CVSS5.6AI score0.00216EPSS
Exploits1References2
OSV
OSV
added 2026/02/18 10:7 p.m.4 views

GHSA-93FX-G747-695X LibreNMS /port-groups name Stored Cross-Site Scripting

Summary /port-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/port-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of t...

5.1CVSS5.5AI score0.00216EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/02/18 10:7 p.m.8 views

LibreNMS /port-groups name Stored Cross-Site Scripting

Summary /port-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/port-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of t...

5.1CVSS5.5AI score0.00216EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2026/02/18 10:7 p.m.6 views

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the name parameter in the HTTP POST request to /device-groups. An attacker with admin...

5.4CVSS5.6AI score0.00216EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/02/18 10:7 p.m.9 views

LibreNMS /device-groups name Stored Cross-Site Scripting

Summary /device-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/device-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a device group, an HTTP POST request is sent to the Request-URI "/device-groups". The...

5.1CVSS5.5AI score0.00216EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/18 10:7 p.m.7 views

LibreNMS affected by reflected xss via email field

Summary reflected xss via email field Details 1. visit http://127.0.0.1/settings/alerting/email 2. in the email address input but this payload 3. notice the alert PoC - video attached with the report https://github.com/user-attachments/assets/c1b443f5-85c6-4545-b04f-def06d82b42e Impact can lead t...

6.1CVSS5.5AI score0.00291EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder