In Sentry versions starting from 21.12.0 before 24.12.1 a medium severity vulnerability CVE-2025-22146 was detected. This vulnerability allows attackers to exploit Sentry’s SAML SSO to crash the application by sending posts with improperly formatted attachments. To fix this issue, users should upgrade Sentry to version 25.1.0. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-22146.
Read more MonitoringIn Librenms versions up to 24.10.1 a medium severity vulnerability CVE-2025-23200 was detected. This vulnerability allows attackers to inject malicious scripts into Librenms, which can then execute when viewed by a user, potentially leading to unauthorized actions or data exposure. To fix this issue, users should upgrade Librenms to version 24.11.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-23200.
Read more MonitoringIn Librenms versions up to 24.10.1 a medium severity vulnerability CVE-2025-23198 was detected. This vulnerability allows attackers to insert malicious scripts, which execute when a user interacts with the page, potentially resulting in unauthorized actions. To fix this issue, users should upgrade Librenms to version 24.11.0. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-23198.
Read more MonitoringIn LibreNMS versions prior to 24.10.1 a medium severity vulnerability CVE-2025-23201 was detected. This vulnerability allows remote attackers to execute malicious scripts via the `/addhost` parameter `community`, leading to unauthorized actions or data exposure. To address this issue, users should upgrade LibreNMS to version 24.11.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23201.
Read more MonitoringIn Nagios XI version 2024R1.1.4 a medium severity vulnerability CVE-2024-42898 was detected. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-42898.
Read more MonitoringIn LibreNMS versions 24.9.0 up to 24.10.0 a medium severity vulnerability CVE-2024-53457 was detected. This vulnerability lets attackers run harmful web scripts or HTML code by adding a specially crafted input into the Display Name field. To address this issue, users should upgrade LibreNMS to version 24.10.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-53457.
Read more MonitoringIn Zabbix versions 5.0.0 <= 5.0.42, 6.0.0 <= 6.0.32, 6.4.0 <= 6.4.17, and 7.0.0 <= 7.0.1rc1 a high severity vulnerability CVE-2024-36467 was detected. This vulnerability allows authenticated users with API access (users with the default User role) to add themselves to any group, such as Zabbix Administrators, except for groups that are disabled or have restricted GUI access. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36467.
Read more MonitoringIn Zabbix versions 7.0.0 through 7.0.2rc1 a low-severity vulnerability CVE-2024-36468 was detected. This vulnerability allows attackers to exploit a stack buffer overflow in the `zbx_snmp_cache_handle_engineid` function, caused by improper bounds checking when copying data from `session->securityEngineID` to `local_record.engineid`. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36468.
Read more MonitoringIn Browser WebDriver for Zabbix versions from 7.0.0 to 7.0.3 a medium severity vulnerability CVE-2024-42328 was detected. This vulnerability allows attackers to crash the application by exploiting a NULL pointer dereference when the server returns an empty response. To fix this issue, users should upgrade Zabbix to version 7.0.4rc1. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-42328.
Read more Monitoring