104 matches found
CVE-2024-51092
LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index, SettingsController.php's update, and PollDevice.php's initRrdDirectory...
LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write
Summary: A vulnerability has been identified that allows an authenticated administrator to execute arbitrary code on the host server. By modifying the binary path settings for built-in network tools and bypassing an input filter, an attacker with administrative privileges can download and execute...
CVE-2026-26992 LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a port group, an HTTP POST request is sen...
CVE-2026-26991 LibreNMS vulnerable to Stored Cross-site Scripting through unsanitized /device-groups name
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a device group, an HTTP POST request is...
CVE-2026-26990
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly int...
CVE-2025-23199
LibreNMS is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: /ajaxform.php - param: descr. LibreNMS versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page...
CVE-2025-23201
LibreNMS is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS) on the parameters: /addhost - param: community. LibreNMS versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with th...
CVE-2023-4977
Code Injection in GitHub repository librenms/librenms prior to 23.9.0...
Cross-site Scripting (XSS)
librenms/librenms is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper filtering in the report_this function in librenms/includes/functions.php, specifically incorrect use of htmlentities in an href context, which allows an attacker to inject malicious script v...
CVE-2025-62365 LibreNMS vulnerable to Reflected-XSS in `report_this` function
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected XSS in the report_this function in librenms/includes/functions.php. The report_this function had improper filtering (the htmlentities function was incorrectly used in an href environment), which...
EUVD-2019-0711
Malware in sbrugna...
EUVD-2019-0717
Malware in sbrugna...
EUVD-2024-3196
Malicious code in bioql PyPI...
EUVD-2024-3303
Malicious code in bioql PyPI...
EUVD-2025-0095
Malicious code in bioql PyPI...
EUVD-2024-3206
Malicious code in bioql PyPI...
EUVD-2024-3222
Malicious code in bioql PyPI...
EUVD-2024-3177
Malicious code in bioql PyPI...
EUVD-2022-3412
Malicious code in bioql PyPI...