artica pandora fms

68 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-34187
< 777.17
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container paramete
9.8 CRITICAL
CVE-2026-30810
< 777.17
Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: f
8.8 HIGH
CVE-2026-30808
< 777.17
Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 8
8.1 HIGH
CVE-2026-30807
< 777.17
Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affec
8.8 HIGH
CVE-2026-30805
< 777.17
Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora
9.1 CRITICAL
CVE-2026-34188
>= 777 and < 800.1
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response exe
7.2 HIGH
CVE-2026-34186
>= 777 and < 800.1
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issu
8.8 HIGH
CVE-2026-30813
>= 777 and < 800.1
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issu
8.8 HIGH
CVE-2026-30812
>= 777 and < 800.1
Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. T
5.4 MEDIUM
CVE-2026-30811
>= 777 and < 800.1
Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandor
6.5 MEDIUM
CVE-2026-30809
>= 777 and < 800.1
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDeb
8.8 HIGH
CVE-2026-30806
>= 777 and < 800.1
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. Th
8.8 HIGH
CVE-2026-30804
>= 777 and < 800.1
Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. This issue affects Pan
7.2 HIGH
CVE-2025-5306
>= 774 and <= 778
Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pand
9.8 CRITICAL
CVE-2024-12992
>= 700 and < 777.8
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. This issue affe
9.8 CRITICAL
CVE-2024-12971
>= 700 and < 777.8
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection. This issue affects Pandora
8.8 HIGH
CVE-2024-35307
>= 700 and < 777
Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute ar
9.8 CRITICAL
CVE-2024-35306
>= 700 and < 777
OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue af
9.8 CRITICAL
CVE-2024-35305
>= 700 and < 777
Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from
9.8 CRITICAL
CVE-2024-35304
>= 700 and < 777
System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary syste
9.8 CRITICAL
CVE-2023-44092
>= 700 and < 776
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all
7.6 HIGH
CVE-2023-44091
>= 700 and < 776
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQ
7.5 HIGH
CVE-2023-44090
>= 700 and < 776
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows CV
6.8 MEDIUM
CVE-2023-41793
>= 700 and < 776
Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and c
6.7 MEDIUM
CVE-2023-4677
>= 700 and < 773
Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to s
7.0 HIGH
CVE-2023-41812
>= 700 and < 774
Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Co
5.7 MEDIUM
CVE-2023-41811
>= 700 and <= 773
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cr
5.3 MEDIUM
CVE-2023-41810
>= 700 and <= 773
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cr
4.0 MEDIUM
CVE-2023-41808
>= 700 and <= 773
Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows an unauth
8.5 HIGH
CVE-2023-41807
>= 700 and <= 773
Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows a user to
9.1 CRITICAL
CVE-2023-41806
>= 700 and <= 773
Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability causes that a ba
8.2 HIGH
CVE-2023-41792
>= 700 and <= 773
Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowe
5.9 MEDIUM
CVE-2023-41791
>= 700 and <= 773
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cr
8.4 HIGH
CVE-2023-41790
>= 700 and <= 773
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Path
7.6 HIGH
CVE-2023-41789
>= 700 and <= 773
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cr
7.6 HIGH
CVE-2023-41788
>= 700 and < 774
Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Co
7.6 HIGH
CVE-2023-41787
>= 700 and < 773
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Path
6.0 MEDIUM
CVE-2023-41786
>= 700 and < 773
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnera
6.8 MEDIUM
CVE-2021-46681
< 757
An XSS vulnerability exists in Pandora FMS version 756 and below, that allows an attacker to perform JavaScript code executions via
4.0 MEDIUM
CVE-2021-36698
<= 755
Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.
5.4 MEDIUM
CVE-2021-36697
<= 755
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new
6.7 MEDIUM
CVE-2021-34075
<= 754
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attacke
5.9 MEDIUM
CVE-2021-32100
all versions
A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user.
6.5 MEDIUM
CVE-2021-32099
all versions
A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upg
9.8 CRITICAL
CVE-2021-32098
all versions
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
9.8 CRITICAL
CVE-2020-26518
< 743
Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/ch
9.8 CRITICAL
CVE-2020-8511
<= 7.42
In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository co
7.2 HIGH
CVE-2020-7935
<= 7.42
Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dang
7.2 HIGH
CVE-2020-8497
<= 7.42
In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it conta
5.3 MEDIUM
CVE-2020-5844
all versions
index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload m
7.2 HIGH
CVE-2020-8500
all versions
In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension compo
7.2 HIGH
CVE-2020-8947
all versions
functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters
7.2 HIGH
CVE-2019-20050
all versions
Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user shoul
6.8 MEDIUM
CVE-2019-20224
all versions
netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands
8.8 HIGH
CVE-2019-19681
all versions
Pandora FMS 7.x suffers from remote code execution vulnerability. With an authenticated user who can modify the alert system, it i
8.8 HIGH
CVE-2018-11223
< 7.0_ng_723
XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pan
5.4 MEDIUM
CVE-2018-11222
<= 7.23
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_con
7.5 HIGH
CVE-2018-11221
<= 7.23
Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin
9.8 CRITICAL
CVE-2017-15937
all versions
Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition
6.5 MEDIUM
CVE-2017-15936
all versions
In Artica Pandora FMS version 7.0, an attacker with write permission can create an agent with an XSS payload; when a user enters t
5.4 MEDIUM
CVE-2017-15935
all versions
Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploit
7.2 HIGH
CVE-2017-15934
all versions
Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter.
5.4 MEDIUM
CVE-2010-4283
<= 3.1
PHP remote file inclusion vulnerability in extras/pandora_diag.php in Pandora FMS before 3.1.1 allows remote attackers to execute
CVE-2010-4282
<= 3.1
Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary l
CVE-2010-4281
<= 3.1
Incomplete blacklist vulnerability in the safe_url_extraclean function in ajax.php in Pandora FMS before 3.1.1 allows remote attac
CVE-2010-4280
<= 3.1
Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL comma
CVE-2010-4279
<= 3.1
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remot
CVE-2010-4278
<= 3.1
operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via s
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin