📦 LibreNMS
by LibreNMS
⚠️ Known Vulnerabilities
This SQL injection vulnerability in LibreNMS allows attackers to execute arbitrary SQL commands through the ajax_table.php endpoint when searching IPv6 addresses. Attackers could potentially access, m...
CVE-2022-29712 allows remote attackers to execute arbitrary commands on LibreNMS servers through command injection vulnerabilities in service_ip, hostname, and service_param parameters. This affects a...
LibreNMS versions 25.12.0 and below contain a time-based blind SQL injection vulnerability in the address-search functionality. Authenticated attackers can exploit this to infer database information b...
This vulnerability in LibreNMS allows remote file inclusion via the ajax_form.php endpoint, potentially leading to remote code execution. Attackers can exploit this by controlling POST input to includ...
This is a stored cross-site scripting (XSS) vulnerability in LibreNMS where administrators can inject malicious JavaScript into Device Group names. When other users view these groups, the JavaScript e...
This stored XSS vulnerability in LibreNMS allows authenticated users to inject malicious JavaScript through device names in the Device Dependencies feature. When other users view affected pages, the m...
This SQL injection vulnerability in LibreNMS allows attackers to manipulate database queries through the 'order' parameter, potentially extracting entire database contents. All LibreNMS instances runn...
This SQL injection vulnerability in LibreNMS allows authenticated users with global read privileges to execute arbitrary SQL commands via the package parameter in the search endpoint. Attackers can ex...
CVE-2022-0580 is an incorrect authorization vulnerability in LibreNMS that allows authenticated users to access unauthorized functionality. This affects LibreNMS installations prior to version 22.2.0 ...
This stored XSS vulnerability in LibreNMS allows attackers with admin privileges to inject malicious scripts into device group names, which execute when other users view those groups. It affects Libre...
This is a stored cross-site scripting (XSS) vulnerability in LibreNMS that allows attackers with administrative privileges to inject malicious scripts into the Alert Rules workflow. When other users v...
This stored XSS vulnerability in LibreNMS allows attackers to inject malicious HTML/JavaScript into alert rule names via the API. When administrators view these alert rules, the malicious code execute...
CVE-2025-65093 is a boolean-based blind SQL injection vulnerability in LibreNMS's /ajax_output.php endpoint. Attackers can manipulate the hostname parameter to infer database contents through conditio...
This reflected cross-site scripting (XSS) vulnerability in LibreNMS allows attackers to craft malicious URLs that execute arbitrary JavaScript in victims' browsers when visited. The vulnerability affe...
This stored XSS vulnerability in LibreNMS allows attackers to inject malicious scripts into the 'group name' parameter of the poller groups form. When other users view the affected page, the scripts e...
This stored XSS vulnerability in LibreNMS allows attackers to inject malicious scripts into device display parameters. When administrators view or edit affected devices, the scripts execute in their b...
This stored cross-site scripting (XSS) vulnerability in LibreNMS allows attackers to inject malicious scripts through the state parameter in ajax_form.php. When users view pages containing the injecte...
A stored cross-site scripting (XSS) vulnerability in LibreNMS allows attackers to inject malicious scripts into the Display Name parameter in Device Settings. When other users view affected device pag...
This stored XSS vulnerability in LibreNMS allows authenticated users to inject malicious JavaScript into the Services tab description field. When other users view the compromised device page, the scri...
This stored XSS vulnerability in LibreNMS allows authenticated users to inject malicious JavaScript into the Port Settings page via the 'descr' parameter. When other users view the compromised port se...
This is a reflected cross-site scripting (XSS) vulnerability in LibreNMS that allows attackers to inject malicious JavaScript via the 'metric' parameter in wireless and health endpoints. When exploite...
This is a stored cross-site scripting (XSS) vulnerability in LibreNMS where administrators can inject malicious JavaScript into device display names. When other users view devices with these names, th...
This stored XSS vulnerability in LibreNMS allows authenticated users to inject malicious JavaScript through the device hostname parameter. When victims view the Capture Debug Information page, their s...
A reflected Cross-Site Scripting (XSS) vulnerability in LibreNMS allows attackers to inject malicious JavaScript via the 'section' parameter in device logs. When users access pages with crafted parame...
This is a stored cross-site scripting (XSS) vulnerability in LibreNMS where administrators can inject malicious JavaScript into device notes. When the ExamplePlugin is enabled, this JavaScript execute...
A weak password policy vulnerability in LibreNMS allows administrators to create user accounts with extremely weak passwords like '12345678'. This exposes the platform to brute-force and credential st...