Pandorafms

All CVEs

65 total · sorted by risk
  • CVE-2024-11320 · Nov 21, 2024
    risk 0.10 · cvss · epss 0.91

    Arbitrary command execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4.

  • CVE-2025-34088 · Jul 3, 2025
    risk 0.09 · cvss · epss 0.05

    An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as…

  • CVE-2025-5306 · Jun 27, 2025
    risk 0.09 · cvss · epss 0.20

    Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778.

  • CVE-2024-35307 · Jun 10, 2024
    risk 0.01 · cvss · epss 0.01

    Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 through <777.

  • CVE-2024-12992 · Mar 17, 2025
    risk 0.00 · cvss · epss 0.01

    Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. This issue affects Pandora FMS from 700 to 777.6.

  • CVE-2024-35308 · Oct 22, 2024
    risk 0.00 · cvss · epss 0.01

    A post-authentication arbitrary file read vulnerability in the plugin edition feature of the server plugins section. This issue affects Pandora FMS: from 700 through <777.3.

  • CVE-2024-9987 · Oct 22, 2024
    risk 0.00 · cvss · epss 0.00

    A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through <777.3.

  • CVE-2024-35306 · Jun 10, 2024
    risk 0.00 · cvss · epss 0.01

    OS command injection in Ajax PHP files via HTTP request allows execution of system commands by exploiting variables. This issue affects Pandora FMS: from 700 through <777.

  • CVE-2024-35305 · Jun 10, 2024
    risk 0.00 · cvss · epss 0.00

    Unauthenticated time-based SQL injection in the API, exploitable through the HTTP request Authorization header. This issue affects Pandora FMS: from 700 through <777.

  • CVE-2024-35304 · Jun 10, 2024
    risk 0.00 · cvss · epss 0.01

    System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through <777.

  • CVE-2023-41793 · Mar 19, 2024
    risk 0.00 · cvss · epss 0.00

    Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776.

  • CVE-2023-44092 · Mar 19, 2024
    risk 0.00 · cvss · epss 0.01

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all allows OS Command Injection. This vulnerability allowed creating a reverse shell and executing commands in the OS. This issue affects Pandora FMS: from…

  • CVE-2023-44091 · Mar 19, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. This vulnerability allowed SQL injections to be made even if authentication failed. This issue affects Pandora FMS: from 700 through <776.

  • CVE-2023-44090 · Mar 19, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows CVE-2008-5817. This vulnerability allowed SQL changes to be made to several files in the Grafana module. This issue affects Pandora FMS: from 700…

  • CVE-2014-8629 · Nov 19, 2014
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php.
