Openenergymonitor Emoncms — known CVE vulnerabilities
Every CVE whose affected-product data names Openenergymonitor Emoncms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2025-22992 — CVSS 9.8 (critical): A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project >= 11.6.9. The vulnerability is caused by…
CVE-2025-60938 — CVSS 7.5 (high): Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that allows authenticated users to execute…
CVE-2017-5964 — CVSS 6.1 (medium): An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple…
CVE-2025-60936 — CVSS 6.1 (medium): Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API…
CVE-2019-1010008 — CVSS 5.4 (medium): OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially…