VYPR
Vendor

Artica

Products
4
CVEs
66
Across products
66
Status
Private

Products

4

Recent CVEs

66
View all 66 CVEs →
  • CVE-2018-11221CriJun 16, 2018
    risk 0.64cvss 9.8epss 0.05

    Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system.

  • CVE-2017-17055CriDec 7, 2017
    risk 0.62cvss 9.0epss 0.09

    Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php.

  • CVE-2026-30805CriMay 12, 2026
    risk 0.59cvss 9.1epss 0.00

    Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30810HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.00

    Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30807HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.00

    Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-34186HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30813HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30809HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30806HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30808HigMay 12, 2026
    risk 0.53cvss 8.1epss 0.00

    Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800

  • CVE-2018-11222HigJun 16, 2018
    risk 0.49cvss 7.5epss 0.06

    Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint.

  • CVE-2026-34188HigApr 13, 2026
    risk 0.47cvss 7.2epss 0.01

    Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30804HigApr 13, 2026
    risk 0.47cvss 7.2epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. This issue affects Pandora FMS: from 777 through 800

  • CVE-2017-15935HigOct 27, 2017
    risk 0.47cvss 7.2epss 0.03

    Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file.

  • CVE-2026-30811MedApr 13, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800

  • CVE-2017-15937MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX).

  • CVE-2026-30812MedApr 13, 2026
    risk 0.35cvss 5.4epss 0.00

    Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800

  • CVE-2018-11223MedJun 16, 2018
    risk 0.35cvss 5.4epss 0.01

    XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call.

  • CVE-2017-15936MedOct 27, 2017
    risk 0.35cvss 5.4epss 0.01

    In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed.

  • CVE-2017-15934MedOct 27, 2017
    risk 0.35cvss 5.4epss 0.01

    Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter.