Eyesofnetwork Eyesofnetwork

  1. Vendors
  2. Eyesofnetwork

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Eyesofnetwork product.

RSS Feeds for Eyesofnetwork security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Eyesofnetwork products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Eyesofnetwork Sorted by Most Security Vulnerabilities since 2018

Eyesofnetwork32 vulnerabilities

Eyesofnetwork Eonweb7 vulnerabilities

Eyesofnetwork Web Interface3 vulnerabilities

Known Exploited Eyesofnetwork Vulnerabilities

The following Eyesofnetwork vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
EyesOfNetwork 5.3 Insufficient Credential Protection Issue in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token.
CVE-2020-8657 Exploit Probability: 88.9% 		November 3, 2021
EyesOfNetwork 5.3 Privilege Escalation Vulnerability Issue in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7.
CVE-2020-8655 Exploit Probability: 87.9% 		November 3, 2021

Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 0 vulnerabilities in Eyesofnetwork. Last year, in 2025 Eyesofnetwork had 1 security vulnerability published. Right now, Eyesofnetwork is on track to have less security vulnerabilities in 2026 than it did last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 1 0.00
2024 0 0.00
2023 0 0.00
2022 7 7.21
2021 3 9.13
2020 7 9.05
2019 1 0.00

It may take a day or so for new Eyesofnetwork vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Eyesofnetwork Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2022-41572 Jan 07, 2025
EyesOfNetwork (EON) <=5.3.11 Priv Esc via nmap run as root An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server.
Eyesofnetwork
CVE-2022-41434 Nov 08, 2022
EyesOfNetwork Web Interface 5.3 XSS via /lilac/main.php EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /lilac/main.php.
Web Interface
CVE-2022-41433 Nov 08, 2022
EyesOfNetwork Web Interface 5.3 XSS via /module/admin_bp/add_application.php EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/admin_bp/add_application.php.
Web Interface
CVE-2022-41432 Nov 08, 2022
EyesOfNetwork Web UI v5.3 Reflected XSS /module/report_event/index.php EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/report_event/index.php.
Web Interface
CVE-2022-41571 Sep 27, 2022
LFI in EyesOfNetwork EON <=5.3.11 An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur.
Eyesofnetwork
CVE-2022-41570 Sep 27, 2022
EON 5.3.11 Unauth SQLi in EyesOfNetwork An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur.
Eyesofnetwork
CVE-2021-40643 Jun 30, 2022
EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any command, which will be executed when we make a test of the configuration ("send test mail").
Eyesofnetwork
CVE-2022-24612 Feb 25, 2022
An authenticated user can upload an XML file containing an XSS An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS.
Eyesofnetwork
CVE-2021-33525 May 24, 2021
EyesOfNetwork eonweb through 5.3-11 EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell.
Eyesofnetwork
CVE-2021-27513 Feb 22, 2021
The module admin_ITSM in EyesOfNetwork 5.3-10 The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside."
Eyesofnetwork
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.