1202 matches found
CVE-2026-2728
LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page...
CVE-2026-6204
LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server...
CVE-2024-51092
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index, SettingsController.php's update, and PollDevice.php's initRrdDirectory...
EUVD-2026-21907
LibreNMS: Cross-Site Scripting in ShowConfigController...
GHSA-5GM9-622F-QCG5 LibreNMS: Cross-Site Scripting in ShowConfigController
Summary A Stored Cross-Site Scripting XSS vulnerability exists in the ShowConfig page of devices affected by the RANCID Integration settings. The application fails to properly sanitise the rancidrepourl configuration value. When a user navigates to a device's configuration page, this unsanitised...
LibreNMS: Cross-Site Scripting in ShowConfigController
Summary A Stored Cross-Site Scripting XSS vulnerability exists in the ShowConfig page of devices affected by the RANCID Integration settings. The application fails to properly sanitise the rancidrepourl configuration value. When a user navigates to a device's configuration page, this unsanitised...
CVE-2024-51092
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index, SettingsController.php's update, and PollDevice.php's initRrdDirectory...
CVE-2024-51092
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index, SettingsController.php's update, and PollDevice.php's initRrdDirectory...
CVE-2024-51092
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index, SettingsController.php's update, and PollDevice.php's initRrdDirectory...
CVE-2024-51092
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index, SettingsController.php's update, and PollDevice.php's initRrdDirectory...
CVE-2024-51092
CVE-2024-51092 affects LibreNMS prior to 24.10.0 and allows an authenticated attacker to achieve arbitrary code execution via OS command injection. The root causes are: (1) AboutController.php index() returning a value from shell_exec(); (2) SettingsController.php update() validating and persisti...
LibreNMS: Cross-Site Scripting In ShowConfigController
Summary A Stored Cross-Site Scripting XSS vulnerability exists in the ShowConfig page of devices affected by the RANCID Integration settings. The application fails to properly sanitise the "rancidrepourl" configuration value. When a user navigates to a device's configuration page, this unsanitise...
Remote Code Execution (RCE)
LibreNMS is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of Binary Locations configuration and the Netcommand feature, which allows an attacker with administrative privileges to execute arbitrary commands on the server...
CVE-2026-30480
A Local File Inclusion LFI vulnerability in the NFSen module nfsen.inc.php of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter...
EUVD-2026-22251
A Local File Inclusion LFI vulnerability in the NFSen module nfsen.inc.php of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter...
CVE-2026-30480
A Local File Inclusion LFI vulnerability in the NFSen module nfsen.inc.php of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter...
CVE-2026-30480
A Local File Inclusion LFI vulnerability in the NFSen module nfsen.inc.php of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter...
PT-2026-32629
Name of the Vulnerable Software and Affected Versions LibreNMS version 22.11.0-23-gd091788f2 Description A Local File Inclusion LFI issue exists in the NFSen module nfsen.inc.php. This occurs due to improper restriction of the directory path name when processing the nfsen parameter. An...
CVE-2026-30480
A Local File Inclusion LFI vulnerability in the NFSen module nfsen.inc.php of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter...
CVE-2026-30480
A Local File Inclusion LFI vulnerability in the NFSen module nfsen.inc.php of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter...