VYPR

LibreNMS

by LibreNMS

CVEs (90)

  • CVE-2024-51092 | Critical | May 8, 2026
    risk 0.66 | cvss 9.1 | epss 0.07

    LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's initRrdDirectory().

  • CVE-2026-30480 | Medium | Apr 14, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesystem via path traversal sequences in the nfsen parameter.

  • CVE-2026-6204 | High | Apr 13, 2026
    risk 0.40 | cvss 7.2 | epss 0.08

    LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the…

  • CVE-2017-16759 | Medium | Nov 9, 2017
    risk 0.32 | cvss 5.9 | epss 0.02

    The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.

  • CVE-2026-49870 | Medium | Jun 23, 2026
    risk 0.26 | cvss n/a | epss n/a

    Impact: `POST /two-factor` had no rate limiting, lockout, or attempt counter. An attacker with valid credentials can submit unlimited TOTP guesses. The TOTP implementation accepts the current code plus one step on either side (`config/google2fa.php window=1`), so at any…

  • CVE-2026-2728 | Medium | Apr 13, 2026
    risk 0.24 | cvss 4.8 | epss 0.00

    LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the…

  • CVE-2018-20434 | Apr 24, 2019
    risk 0.08 | cvss n/a | epss 0.71

    LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request…

  • CVE-2019-10669 | Sep 9, 2019
    risk 0.07 | cvss n/a | epss 0.81

    An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user-supplied parameters are filtered with the mysqli_real_escape_string function. This function is not the appropriate function to…

  • CVE-2022-3562 | Nov 20, 2022
    risk 0.01 | cvss n/a | epss 0.94

    Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.

  • CVE-2026-26992 | Feb 20, 2026
    risk 0.00 | cvss n/a | epss 0.00

    LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a port group, an HTTP…

  • CVE-2026-26991 | Feb 20, 2026
    risk 0.00 | cvss n/a | epss 0.00

    LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting (XSS) attacks. When a user adds a device group, an…

  • CVE-2026-27016 | Feb 20, 2026
    risk 0.00 | cvss n/a | epss 0.00

    LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks strip_tags() sanitization while other fields (name, oid, datatype)…

  • CVE-2026-26990 | Feb 20, 2026
    risk 0.00 | cvss n/a | epss 0.04

    LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is…

  • CVE-2026-26989 | Feb 20, 2026
    risk 0.00 | cvss n/a | epss 0.00

    LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that…

  • CVE-2026-26988 | Feb 20, 2026
    risk 0.00 | cvss n/a | epss 0.07

    LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajax_table.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address…

  • CVE-2026-26987 | Feb 20, 2026
    risk 0.00 | cvss n/a | epss 0.00

    LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable to Reflected XSS attacks via email field. This issue has been fixed in version 26.2.0.

  • CVE-2020-36947 | Jan 27, 2026
    risk 0.00 | cvss n/a | epss 0.00

    LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection…

  • CVE-2025-68614 | Dec 22, 2025
    risk 0.00 | cvss n/a | epss 0.03

    LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can…

  • CVE-2025-65093 | Nov 18, 2025
    risk 0.00 | cvss n/a | epss 0.03

    LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajax_output.php endpoint. The hostname parameter is interpolated directly…

  • CVE-2025-65014 | Nov 18, 2025
    risk 0.00 | cvss n/a | epss 0.00

    LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create…
