Librenms

Librenms

101 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-47525

Exploit
  • EPSS 7.36%
  • Veröffentlicht 01.10.2024 21:15:07
  • Zuletzt bearbeitet 07.10.2024 19:08:18

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulne...

2.4

CVE-2024-47526

Exploit
  • EPSS 0.14%
  • Veröffentlicht 01.10.2024 21:15:07
  • Zuletzt bearbeitet 19.12.2024 15:49:50

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script ...

5.4

CVE-2024-47527

Exploit
  • EPSS 0.38%
  • Veröffentlicht 01.10.2024 21:15:07
  • Zuletzt bearbeitet 07.10.2024 19:08:41

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hos...

7.2

CVE-2024-32480

Exploit
  • EPSS 0.41%
  • Veröffentlicht 22.04.2024 23:15:50
  • Zuletzt bearbeitet 02.01.2025 21:38:11

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporat...

5.4

CVE-2024-32479

Exploit
  • EPSS 0.52%
  • Veröffentlicht 22.04.2024 22:15:08
  • Zuletzt bearbeitet 02.01.2025 21:32:19

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the `Service` template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability...

8.8

CVE-2024-32461

Exploit
  • EPSS 0.15%
  • Veröffentlicht 22.04.2024 22:15:07
  • Zuletzt bearbeitet 02.01.2025 21:29:53

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the pa...

4.3

CVE-2023-48294

Exploit
  • EPSS 0.02%
  • Veröffentlicht 17.11.2023 22:15:08
  • Zuletzt bearbeitet 21.11.2024 08:31:25

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is se...

7.5

CVE-2023-46745

Exploit
  • EPSS 0.01%
  • Veröffentlicht 17.11.2023 22:15:07
  • Zuletzt bearbeitet 21.11.2024 08:29:12

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage th...

5.4

CVE-2023-48295

  • EPSS 0.22%
  • Veröffentlicht 17.11.2023 21:15:07
  • Zuletzt bearbeitet 21.11.2024 08:31:25

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group...

6.5

CVE-2023-5591

  • EPSS 0.13%
  • Veröffentlicht 16.10.2023 01:15:09
  • Zuletzt bearbeitet 21.11.2024 08:42:05

SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.