Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

librenms — Vulnerabilities & Security Advisories 50

All 50 CVE vulnerabilities found in librenms, with AI-generated Chinese analysis, references, and POCs.

Vendor: librenms

CVE IDTitleCVSSSeverityPublished
CVE-2026-6204 LibreNMS 安全漏洞 CWE-78 7.2 -2026-04-13
CVE-2026-2728 LibreNMS 安全漏洞 CWE-79 4.8 -2026-04-13
CVE-2026-26992 LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name CWE-79 4.8 -2026-02-20
CVE-2026-26991 LibreNMS vulnerable to Stored Cross-site Scripting through unsanitized /device-groups name CWE-79 4.8 -2026-02-20
CVE-2026-27016 LibreNMS has Stored XSS in Custom OID - unit parameter missing strip_tags() CWE-79 5.4 Medium2026-02-20
CVE-2026-26990 LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php CWE-89 8.8 High2026-02-20
CVE-2026-26989 LibreNMS has Stored XSS in Alert Rule CWE-79 4.3 Medium2026-02-20
CVE-2026-26988 LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream CWE-89 9.8 -2026-02-20
CVE-2026-26987 LibreNMS affected by reflected XSS via email field CWE-79 6.1 -2026-02-20
CVE-2020-36947 LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection CWE-89 7.1 High2026-01-27
CVE-2025-68614 LibreNMS Alert Rule API Cross-Site Scripting Vulnerability CWE-79 4.3 Medium2025-12-22
CVE-2025-65093 LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint CWE-89 5.5 Medium2025-11-18
CVE-2025-65014 LibreNMS has Weak Password Policy CWE-521 3.7 Low2025-11-18
CVE-2025-65013 LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name` CWE-79 6.2 Medium2025-11-18
CVE-2025-62412 LibreNMS alert-rules Cross-Site Scripting Vulnerability CWE-79 3.8 Low2025-10-16
CVE-2025-62411 Stored XSS in Alert Transport name field in LibreNMS CWE-79 5.5 Medium2025-10-16
CVE-2025-62365 LibreNMS vulnerable to Reflected-XSS in `report_this` function CWE-79 6.1AIMediumAI2025-10-13
CVE-2025-55296 LibreNMS allows stored XSS in Alert Template name field CWE-79 5.5 Medium2025-08-18
CVE-2025-54138 LibreNMS has Authenticated Local File Inclusion in ajax_form.php that Allows RCE CWE-98 7.5 High2025-07-22
CVE-2025-47931 LibreNMS stored Cross-site Scripting vulnerability in poller group name CWE-79 5.4AIMediumAI2025-05-17
CVE-2024-56144 Stored XSS-LibreNMS-Display Name 2 in librenms CWE-79 4.6 Medium2025-01-16
CVE-2025-23198 Stored-XSS-LibreNMS-Display-Name in librenms CWE-79 4.6 Medium2025-01-16
CVE-2025-23199 Stored XSS-LibreNMS-Ports in librenms CWE-79 4.6 Medium2025-01-16
CVE-2025-23200 Stored XSS-LibreNMS-Misc Section in librenms CWE-79 4.6 Medium2025-01-16
CVE-2025-23201 Reflected Cross-site Scripting on error alert in librenms CWE-79 5.4 Medium2025-01-16
CVE-2024-52526 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php CWE-79 4.8 Medium2024-11-15
CVE-2024-51497 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php CWE-79 4.8 Medium2024-11-15
CVE-2024-51496 LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php CWE-79 4.8 Medium2024-11-15
CVE-2024-51495 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php CWE-79 4.8 Medium2024-11-15
CVE-2024-51494 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php CWE-79 4.8 Medium2024-11-15

All 50 known CVE vulnerabilities affecting librenms with full Chinese analysis, references, and POCs where available.