Vulnerabilities > Librenms > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-20 | CVE-2022-4070 | Insufficient Session Expiration vulnerability in Librenms Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0. | 9.8 |
| 2019-04-24 | CVE-2018-20434 | OS Command Injection vulnerability in Librenms 1.46 LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling. | 10.0 |