VYPR

Openitcockpit

by Openitcockpit

CVEs (14)

  • CVE-2019-15494 Cri Aug 23, 2019
    risk 0.64 cvss 9.8 epss 0.02

    openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21.

  • CVE-2019-15490 Cri Aug 23, 2019
    risk 0.64 cvss 9.8 epss 0.02

    openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21.

  • CVE-2026-24893 Hig Apr 14, 2026
    risk 0.57 cvss 8.8 epss 0.01

    openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows an authenticated user with permission to add or modify hosts to execute arbitrary…

  • CVE-2019-15491 Hig Aug 23, 2019
    risk 0.57 cvss 8.8 epss 0.01

    openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21.

  • CVE-2019-15493 Hig Aug 23, 2019
    risk 0.49 cvss 7.5 epss 0.01

    openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21.

  • CVE-2019-10227 Med Dec 31, 2019
    risk 0.43 cvss 6.1 epss 0.01

    openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component.

  • CVE-2019-15492 Med Aug 23, 2019
    risk 0.40 cvss 6.1 epss 0.01

    openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21.

  • CVE-2026-24892 Feb 20, 2026
    risk 0.00 cvss epss 0.01

    openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. openITCOCKPIT Community Edition 5.3.1 and earlier contains an unsafe PHP deserialization pattern in the processing of changelog entries. Serialized…

  • CVE-2026-24891 Feb 20, 2026
    risk 0.00 cvss epss 0.00

    openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitc_gearman calls…

  • CVE-2020-10788 Cri Mar 25, 2020
    risk 0.00 cvss 9.1 epss 0.02

    openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections.

  • CVE-2020-10791 Med Mar 25, 2020
    risk 0.00 cvss 6.5 epss 0.01

    app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module.

  • CVE-2020-10790 Med Mar 25, 2020
    risk 0.00 cvss 5.4 epss 0.01

    openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.

  • CVE-2020-10789 Cri Mar 25, 2020
    risk 0.00 cvss 9.8 epss 0.02

    openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php.

  • CVE-2020-10792 Hig Mar 20, 2020
    risk 0.00 cvss 7.5 epss 0.02

    openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header.