Artica 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk csrf、パス処理の欠陥、vendor risk ssrf, and vendor risk input validation があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact data exposure、ファイル上書き, and vendor impact unexpected behavior などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-34187 | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800 | [email protected] | 7.6 | 0.27% | 2026-05-12 | 2026-06-17 |
| CVE-2026-30810 | Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800 | [email protected] | 7.1 | 0.30% | 2026-05-12 | 2026-06-17 |
| CVE-2026-30808 | Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800 | [email protected] | 7.6 | 0.27% | 2026-05-12 | 2026-06-17 |
| CVE-2026-30807 | Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 through 800 | [email protected] | 7.1 | 0.14% | 2026-05-12 | 2026-06-17 |
| CVE-2026-30805 | Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800 | [email protected] | 9.1 | 0.34% | 2026-05-12 | 2026-06-17 |
| CVE-2026-34188 | Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from 777 through 800 | [email protected] | 7.5 | 1.07% | 2026-04-13 | 2026-06-17 |
| CVE-2026-34186 | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800 | [email protected] | 8.7 | 0.25% | 2026-04-13 | 2026-06-17 |
| CVE-2026-30813 | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800 | [email protected] | 8.7 | 0.34% | 2026-04-13 | 2026-06-17 |
| CVE-2026-30812 | Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800 | [email protected] | 2.1 | 0.18% | 2026-04-13 | 2026-06-17 |
| CVE-2026-30811 | Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800 | [email protected] | 8.4 | 0.27% | 2026-04-13 | 2026-06-17 |
| CVE-2026-30809 | Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800 | [email protected] | 8.7 | 0.94% | 2026-04-13 | 2026-06-17 |
| CVE-2026-30806 | Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800 | [email protected] | 8.7 | 0.94% | 2026-04-13 | 2026-06-17 |
| CVE-2026-30804 | Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. This issue affects Pandora FMS: from 777 through 800 | [email protected] | 8.6 | 0.43% | 2026-04-13 | 2026-06-17 |
| CVE-2014-125124 | An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects it into a shell command, allowing arbitrary command execution as the pandora user. In certain versions (notably 4.1 and 5.0RC1), the pandora user can elevate privileges to root without a password using a chain involving t | [email protected] | 10.0 | 1.84% | 2025-07-31 | 2026-06-16 |
| CVE-2025-5306 | Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778 | [email protected] | 7.0 | 19.94% | 2025-06-27 | 2026-06-17 |
| CVE-2024-12992 | Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. This issue affects Pandora FMS from 700 to 777.6 . | [email protected] | 8.6 | 1.26% | 2025-03-17 | 2026-06-17 |
| CVE-2024-12971 | Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6 | [email protected] | 8.6 | 59.42% | 2025-03-17 | 2026-06-17 |
| CVE-2024-35307 | Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 through <777. | [email protected] | 9.4 | 0.91% | 2024-06-10 | 2026-06-17 |
| CVE-2024-35306 | OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through <777. | [email protected] | 8.7 | 0.93% | 2024-06-10 | 2026-06-17 |
| CVE-2024-35305 | Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through <777. | [email protected] | 8.9 | 0.39% | 2024-06-10 | 2026-06-17 |