5 matches found
EUVD-2025-0097
Malicious code in bioql PyPI...
CVE-2024-56144 Stored XSS-LibreNMS-Display Name 2 in librenms
LibreNMS is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (replace $DEVICEID with your specific $DEVICEID value): /device/$DEVICEID/edit - param: display. LibreNMS versions up to 24.11.0 allow remote attackers to inject...
CVE-2025-23201
CVE-2025-23201 affects LibreNMS. The issue is a Cross-site Scripting (XSS) in the /addhost endpoint via the community parameter, impacting LibreNMS versions up to 24.10.1. The root cause is improper handling/escaping of user-supplied input in this parameter, enabling attackers to inject scripts t...
CVE-2024-50355
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A user with the Admin role can edit the Display Name of a device. The application did not properly sanitize the user input in the device Display Name; if JavaScript code is inside the device Display Name, it can b...
CVE-2024-51496
CVE-2024-51496 affects LibreNMS (PHP/MySQL/SNMP-based network monitoring). The vulnerability is a Reflected XSS in the metric parameter of the /wireless and /health endpoints, caused by improper input sanitization. Successful exploitation lets an attacker inject arbitrary JavaScript, potentially ...