Every CVE whose affected-product data names Xorux Lpar2rrd, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2014-4981 — CVSS 9.8 (critical): LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI…
CVE-2020-24032 — CVSS 9.8 (critical): tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone.
CVE-2025-54769 — CVSS 8.8 (high): An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of…
CVE-2021-42372 — CVSS 8.8 (high): A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers…
CVE-2021-42370 — CVSS 7.5 (high): A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML…
CVE-2025-54767 — CVSS 6.5 (medium): An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user.
CVE-2025-54768 — CVSS 5.3 (medium): An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web…