Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2025/11/19 11:14 p.m.10 views

CVE-2025-65014

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely...

3.7CVSS6.8AI score0.00222EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/19 11:14 p.m.11 views

CVE-2025-65013

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting XSS vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without...

6.2CVSS5.9AI score0.00216EPSS
Exploits0References1
Snyk
Snyk
added 2025/11/18 11:25 p.m.4 views

Weak Password Requirements

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Weak Password Requirements due to insufficient enforcement of password complexity requirements during the user creati...

6.3CVSS6.8AI score0.00222EPSS
Exploits1References2
NVD
NVD
added 2025/11/18 11:15 p.m.6 views

CVE-2025-65014

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely...

3.7CVSS0.00222EPSS
Exploits1References1
NVD
NVD
added 2025/11/18 11:15 p.m.20 views

CVE-2025-65013

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting XSS vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without...

6.2CVSS0.00216EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/18 11:2 p.m.2 views

CVE-2025-65093 LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajaxoutput.php endpoint. The hostname parameter is interpolated directly into an SQL query...

5.5CVSS7.5AI score0.03207EPSS
Exploits1References1
OSV
OSV
added 2025/11/18 11:2 p.m.5 views

CVE-2025-65093 LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajaxoutput.php endpoint. The hostname parameter is interpolated directly into an SQL query...

5.5CVSS7.9AI score0.03207EPSS
Exploits1References3
CVE
CVE
added 2025/11/18 11:2 p.m.12 views

CVE-2025-65093

LibreNMS contains a Boolean-Based Blind SQL Injection in the hostname parameter of the /ajax_output.php endpoint. The hostname is interpolated into an SQL query without proper sanitization or parameter binding, enabling an attacker to infer data from the database via conditional responses. Impact...

5.5CVSS7.5AI score0.03207EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/18 11:1 p.m.4 views

CVE-2025-65014 LibreNMS has Weak Password Policy

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely...

3.7CVSS6.5AI score0.00222EPSS
Exploits1References1
CVE
CVE
added 2025/11/18 11:1 p.m.13 views

CVE-2025-65014

LibreNMS before 25.11.0 has a weak password policy in user creation, allowing login with weak passwords (e.g., 12345678) and exposing the system to brute-force/credential-stuffing attacks. The issue is patched in 25.11.0; upgrade to that version or apply the available fix per advisories. No explo...

3.7CVSS6.5AI score0.00222EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.9 views

PT-2025-47404

Name of the Vulnerable Software and Affected Versions LibreNMS versions prior to 25.11.0 Description The user management functionality of LibreNMS fails to enforce a strong password policy, allowing administrators to create accounts with weak and predictable passwords, such as 12345678. This...

3.7CVSS6.8AI score0.00222EPSS
Exploits1References6
Rows per page
Query Builder