
Pandora FMS — Vulnerabilities & Security Advisories (43)

Browse all 43 CVE security advisories affecting Pandora FMS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Pandora FMS is an open-source network monitoring and management solution designed to provide comprehensive visibility into IT infrastructure performance and availability. Historically, its codebase has exhibited significant security weaknesses, resulting in forty-three recorded Common Vulnerabilities and Exposures. These flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and improper access controls within its web interface and API components. While the platform serves critical operational needs for system administrators, the high volume of disclosed CVEs indicates a pattern of recurring security defects that require diligent patching. No single catastrophic incident has publicly defined the software’s reputation, but the cumulative risk profile suggests that organizations must prioritize rigorous security hardening and regular updates to mitigate the potential for unauthorized system access or data compromise inherent in its current vulnerability landscape.

Top products by Pandora FMS: Pandora FMS, Pandora ITSM
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-34188 | OS Command Injection in Event Response Execution — Pandora FMS | CWE-78 | 9.8 | - | 2026-04-13 |
| CVE-2026-34186 | SQL Injection in Custom Fields leads to Database Compromise — Pandora FMS | CWE-89 | 9.8 | - | 2026-04-13 |
| CVE-2026-30813 | SQL Injection in Module Search leads to Database Compromise — Pandora FMS | CWE-89 | 9.8 | - | 2026-04-13 |
| CVE-2026-30812 | Stored Cross-Site Scripting in Event Comments via Filter Bypass — Pandora FMS | CWE-79 | 6.1 | - | 2026-04-13 |
| CVE-2026-30811 | Missing Authorization in Configuration Ajax Endpoint leads to Information Disclosure — Pandora FMS | CWE-276 | 7.5 | - | 2026-04-13 |
| CVE-2026-30809 | OS Command Injection in WebServerModuleDebug via Blacklist Bypass leads to Remote Code Execution — Pandora FMS | CWE-78 | 9.8 | - | 2026-04-13 |
| CVE-2026-30806 | OS Command Injection in Network Report leads to Remote Code Execution — Pandora FMS | CWE-78 | 9.8 | - | 2026-04-13 |
| CVE-2026-30804 | Unrestricted File Upload in Extension Uploader leads to Remote Code Execution — Pandora FMS | CWE-434 | 9.8 | - | 2026-04-13 |
| CVE-2025-5306 | Command Injection in Netflow path — Pandora FMS | CWE-77 | 9.8 (AI) | Critical (AI) | 2025-06-27 |
| CVE-2025-4678 | Remote Code Execution leads to Command Injection — Pandora ITSM | CWE-77 | 9.8 (AI) | Critical (AI) | 2025-06-10 |
| CVE-2025-4653 | Remote Code Execution leads to Command Injection — Pandora ITSM | CWE-77 | 9.8 (AI) | Critical (AI) | 2025-06-10 |
| CVE-2024-12992 | Remote Code Execution leads to Command Injection — Pandora FMS | CWE-77 | 9.8 | - | 2025-03-17 |
| CVE-2024-12971 | QuickShell Authenticated Command Injection — Pandora FMS | CWE-77 | 9.8 | - | 2025-03-17 |
| CVE-2024-11320 | Command Injection leading to RCE via LDAP Misconfiguration — Pandora FMS | CWE-77 | 9.8 (AI) | Critical (AI) | 2024-11-21 |
| CVE-2024-35308 | Post-auth Arbitrary File Read in the Server Plugins Section — Pandora FMS | CWE-22 | 6.5 (AI) | Medium (AI) | 2024-10-22 |
| CVE-2024-9987 | SQL Injection in CSV Module Data Collection — Pandora FMS | CWE-89 | 8.8 (AI) | High (AI) | 2024-10-22 |
| CVE-2024-35307 | Argument Injection Leading to Remote Code Execution in Realtime Graph Extension — Pandora FMS | CWE-88 | 9.8 | - | 2024-06-10 |
| CVE-2024-35306 | OS Command injection in Ajax PHP files through HTTP Request — Pandora FMS | CWE-78 | 9.8 | - | 2024-06-10 |
| CVE-2024-35305 | Unauth Time-Based SQL Injection via API — Pandora FMS | CWE-89 | 9.8 | - | 2024-06-10 |
| CVE-2024-35304 | System command injection through Netflow function — Pandora FMS | CWE-78 | 9.8 | - | 2024-06-10 |
| CVE-2023-41793 | Path Traversal and Untrusted Upload File — Pandora FMS | CWE-35 | 6.7 | Medium | 2024-03-19 |
| CVE-2023-44092 | OS Command Injection — Pandora FMS | CWE-78 | 7.6 | High | 2024-03-19 |
| CVE-2023-44091 | Unauth Time-Based SQL Injection — Pandora FMS | CWE-89 | 7.5 | High | 2024-03-19 |
| CVE-2023-44090 | Unauth SQL Injection — Pandora FMS | CWE-89 | 6.8 | Medium | 2024-03-19 |
| CVE-2023-44089 | XSS in Visual Console — Pandora FMS | CWE-79 | 6.1 | Medium | 2023-12-29 |
| CVE-2023-44088 | SQL Injection in Visual Console — Pandora FMS | CWE-89 | 5.9 | Medium | 2023-12-29 |
| CVE-2023-41815 | XSS in File manager — Pandora FMS | CWE-79 | 7.5 | High | 2023-12-29 |
| CVE-2023-41814 | XSS Vulnerability Messages — Pandora FMS | CWE-79 | 3.7 | Low | 2023-12-29 |
| CVE-2023-41813 | User notification settings edition — Pandora FMS | CWE-79 | 3.0 | Low | 2023-12-29 |
| CVE-2023-41812 | Uploading executables via the file manager — Pandora FMS | CWE-434 | 5.7 | Medium | 2023-11-23 |

This page lists every published CVE security advisory associated with Pandora FMS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.