Pandora Fms

pandora_fms

Vendor: Artica • 67 CVEs

CVEs (67)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-34187 1Artica 1Pandora Fms May 14, 2026 May 12, 2026 7.6 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800
CVE-2026-30810 1Artica 1Pandora Fms May 13, 2026 May 12, 2026 7.1 HIGH· v4 8.8 HIGH· v3 N/A· v2 Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800
CVE-2026-30808 1Artica 1Pandora Fms May 13, 2026 May 12, 2026 7.6 HIGH· v4 8.1 HIGH· v3 N/A· v2 Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800
CVE-2026-30807 1Artica 1Pandora Fms May 13, 2026 May 12, 2026 7.1 HIGH· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 through 800
CVE-2026-30805 1Artica 1Pandora Fms May 13, 2026 May 12, 2026 9.1 CRITICAL· v4 9.1 CRITICAL· v3 N/A· v2 Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800
CVE-2026-34188 1Artica 1Pandora Fms Apr 22, 2026 Apr 13, 2026 7.5 HIGH· v4 7.2 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from 777 through 800
CVE-2026-34186 1Artica 1Pandora Fms Apr 22, 2026 Apr 13, 2026 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800
CVE-2026-30813 1Artica 1Pandora Fms Apr 22, 2026 Apr 13, 2026 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800
CVE-2026-30812 1Artica 1Pandora Fms Apr 22, 2026 Apr 13, 2026 2.1 LOW· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800
CVE-2026-30811 1Artica 1Pandora Fms Apr 22, 2026 Apr 13, 2026 8.4 HIGH· v4 6.5 MEDIUM· v3 N/A· v2 Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800
CVE-2026-30809 1Artica 1Pandora Fms Apr 22, 2026 Apr 13, 2026 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800
CVE-2026-30806 1Artica 1Pandora Fms Apr 22, 2026 Apr 13, 2026 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800
CVE-2026-30804 1Artica 1Pandora Fms Apr 22, 2026 Apr 13, 2026 8.6 HIGH· v4 7.2 HIGH· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. This issue affects Pandora FMS: from 777 through 800
CVE-2025-5306 1Artica 1Pandora Fms Sep 16, 2025 Jun 27, 2025 7.0 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778
CVE-2024-12992 1Artica 1Pandora Fms Sep 16, 2025 Mar 17, 2025 8.6 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. This issue affects Pandora FMS from 700 to 777.6 .
CVE-2024-12971 1Artica 1Pandora Fms Sep 16, 2025 Mar 17, 2025 8.6 HIGH· v4 8.8 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6
CVE-2024-35307 1Artica 1Pandora Fms Sep 16, 2025 Jun 10, 2024 9.4 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 through <777.
CVE-2024-35306 1Artica 1Pandora Fms Sep 16, 2025 Jun 10, 2024 8.7 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through <777.
CVE-2024-35305 1Artica 1Pandora Fms Sep 16, 2025 Jun 10, 2024 8.9 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through <777.
CVE-2024-35304 1Artica 1Pandora Fms Sep 16, 2025 Jun 10, 2024 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through <777.

12 3 4 Next