Pandora fms
This hub aggregates every CVE we track for Pandora fms, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
113
CVEs tracked
19
Critical
43
High
0
In CISA KEV
Severity distribution
MEDIUM45HIGH43CRITICAL19LOW6
Monthly trend
0
0
0
2
1
0
0
0
2
0
0
1
1
0
0
0
0
0
0
0
0
8
5
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Pandora fms.
- CVE-2026-34187SQL Injection in Graph Container Parameter9.8
- CVE-2026-30810Server-Side Request Forgery in API Checker leads to Privilege Escalation8.8
- CVE-2026-30808Session Fixation in Authentication leads to Session Hijacking8.1
- CVE-2026-30807Cross-Site Request Forgery on Extension Pages8.8
- CVE-2026-30805Insecure Default Initialization in API Authentication leads to Authentication Bypass9.1
- CVE-2026-34188OS Command Injection in Event Response Execution7.2
- CVE-2026-34186SQL Injection in Custom Fields leads to Database Compromise8.8
- CVE-2026-30813SQL Injection in Module Search leads to Database Compromise8.8
- CVE-2026-30812Stored Cross-Site Scripting in Event Comments via Filter Bypass5.4
- CVE-2026-30811Missing Authorization in Configuration Ajax Endpoint leads to Information Disclosure6.5
- CVE-2026-30809OS Command Injection in WebServerModuleDebug via Blacklist Bypass leads to Remote Code Execution8.8
- CVE-2026-30806OS Command Injection in Network Report leads to Remote Code Execution8.8
- CVE-2026-30804Unrestricted File Upload in Extension Uploader leads to Remote Code Execution7.2
- CVE-2025-34088Pandora FMS Authenticated Remote Code Execution via Ping Module8.8
- CVE-2025-5306Command Injection in Netflow path9.8
Product normalization is registry-driven with AI assist and human review. How it works