librenms

Top products

The 15 most recently published vulnerabilities affecting librenms.

• CVE-2024-51092LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's ...9.1May 8, 2026
• CVE-2026-6204LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation re...7.2Apr 13, 2026
• CVE-2026-2728LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation ...4.8Apr 13, 2026
• CVE-2026-26992LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name4.8Feb 20, 2026
• CVE-2026-26991LibreNMS vulnerable to Stored Cross-site Scripting through unsanitized /device-groups name4.8Feb 20, 2026
• CVE-2026-27016LibreNMS has Stored XSS in Custom OID - unit parameter missing strip_tags()5.4Feb 20, 2026
• CVE-2026-26990LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php8.8Feb 20, 2026
• CVE-2026-26989LibreNMS has Stored XSS in Alert Rule4.3Feb 20, 2026
• CVE-2026-26988LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream9.1Feb 20, 2026
• CVE-2026-26987LibreNMS affected by reflected XSS via email field6.1Feb 20, 2026
• CVE-2020-36947LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection7.1Jan 27, 2026
• CVE-2025-68614LibreNMS Alert Rule API Cross-Site Scripting Vulnerability4.3Dec 22, 2025
• CVE-2025-65093LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint5.5Nov 18, 2025
• CVE-2025-65014LibreNMS has Weak Password Policy3.7Nov 18, 2025
• CVE-2025-65013LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`6.2Nov 18, 2025