CVE-2026-33495

Ory Oathkeeper is vulnerable to an authentication bypass when behind proxies/CDNs due to improper handling of X-Forwarded-Proto. If serve.proxy.trust_forwarded_headers is not respected, requests with manipulated X-Forwarded-Proto can satisfy a different rule-set (HTTP vs HTTPS) and bypass authent...

CVE-2026-33494 Ory Oathkeeper has a path traversal authorization bypass

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences...

CVE-2026-33494

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences...

Ory Keto SQL注入漏洞

Ory Keto is an open-source authorization server developed by Ory. Versions of Ory Keto prior to 26.2.0 contained a SQL injection vulnerability. This vulnerability stemmed from defects in the pagination implementation, which could lead to SQL injections...

Ory Kratos SQL注入漏洞

Ory Kratos is an open-source system developed by Ory, designed with developers in mind, featuring strong security measures and proven reliability. Prior to version 26.2.0, Ory Kratos had a SQL injection vulnerability. This vulnerability stemmed from defects in the pagination implementation, which...

Ory Oathkeeper 安全漏洞

Ory Oathkeeper is an access control decision-making software developed by Ory OpenSource. Versions of Ory Oathkeeper prior to 26.2.0 contained security vulnerabilities. These vulnerabilities stemmed from incorrect configuration settings, where the header X-Forwarded-Proto was trusted indefinitely...

Ory Hydra SQL注入漏洞

Ory Hydra is an OpenID connection tool developed by Ory. Versions of Ory Hydra prior to 26.2.0 had a SQL injection vulnerability. This vulnerability stemmed from defects in the pagination implementation, which could lead to SQL injections...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the GetRelationships API when a forged pagination token is provided. An attacker can execute arbitrary SQL queries by submitting crafted pagination tokens if the secrets.pagination configuration is not set or is known ...

CVE-2026-26989

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting XSS vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser...

CVE-2026-26992

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a port group, an HTTP POST request is sen...

CVE-2026-26991

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a device group, an HTTP POST request is...

CVE-2026-26992 LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a port group, an HTTP POST request is sen...

CVE-2026-26992 LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a port group, an HTTP POST request is sen...

CVE-2026-26992

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a port group, an HTTP POST request is sen...

CVE-2026-26991 LibreNMS vulnerable to Stored Cross-site Scripting through unsanitized /device-groups name

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a device group, an HTTP POST request is...

CVE-2026-26991

LibreNMS (versions 26.1.1 and earlier) is vulnerable to Stored Cross‑Site Scripting via the /device-groups name parameter when an admin user creates a device group. The unsanitized name can be stored and later rendered in the UI (e.g., Delete button context), enabling injected JavaScript. The iss...

CVE-2026-26991 LibreNMS vulnerable to Stored Cross-site Scripting through unsanitized /device-groups name

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a device group, an HTTP POST request is...

CVE-2026-26987

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0...

CVE-2026-27016

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks striptags sanitization while other fields name, oid, datatype are sanitized. The...

CVE-2026-27016

LibreNMS (versions 24.10.0–26.1.1) contains a Stored XSS in the Custom OID unit field due to missing strip_tags() sanitization (unit is taken from POST without sanitization; other fields are sanitized). The unsanitized value is stored and rendered without HTML escaping in device graphs, enabling ...