VYPR

Cockpit Hq/cockpit

by Cockpit Hq

CVEs (20)

  • CVE-2018-9302 | Critical | May 2, 2018
    risk 0.63 | cvss 9.1 | epss 0.11

    SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for…

  • CVE-2017-14611 | Critical | Apr 10, 2018
    risk 0.59 | cvss 9.1 | epss 0.02

    SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component.

  • CVE-2026-34965 | High | Apr 29, 2026
    risk 0.57 | cvss 8.8 | epss 0.01

    Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can…

  • CVE-2018-11471 | Medium | May 25, 2018
    risk 0.35 | cvss 5.4 | epss 0.01

    Cockpit 0.5.5 has XSS via a collection, form, or region.

  • CVE-2026-23695 | Medium | May 15, 2026
    risk 0.28 | cvss 5.4 | epss 0.00

    Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the template string is processed by the $interpolate function using new Function() and rendered via Vue's…

  • CVE-2026-31891 | Mar 18, 2026
    risk 0.00 | cvss | epss 0.00

    Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the…

  • CVE-2023-4451 | Aug 20, 2023
    risk 0.00 | cvss | epss 0.02

    Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.

  • CVE-2023-4433 | Aug 19, 2023
    risk 0.00 | cvss | epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.

  • CVE-2023-4432 | Aug 19, 2023
    risk 0.00 | cvss | epss 0.01

    Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.

  • CVE-2023-4422 | Aug 18, 2023
    risk 0.00 | cvss | epss 0.01

    Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.

  • CVE-2023-4395 | Aug 17, 2023
    risk 0.00 | cvss | epss 0.01

    Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.

  • CVE-2023-4321 | Aug 14, 2023
    risk 0.00 | cvss | epss 0.01

    Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3.

  • CVE-2023-4196 | Aug 6, 2023
    risk 0.00 | cvss | epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.

  • CVE-2023-4195 | Aug 6, 2023
    risk 0.00 | cvss | epss 0.01

    PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3.

  • CVE-2023-1313 | Mar 10, 2023
    risk 0.00 | cvss | epss 0.01

    Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1.

  • CVE-2023-1160 | Mar 3, 2023
    risk 0.00 | cvss | epss 0.00

    Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0.

  • CVE-2023-0780 | Feb 11, 2023
    risk 0.00 | cvss | epss 0.00

    Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev.

  • CVE-2023-0759 | Feb 9, 2023
    risk 0.00 | cvss | epss 0.00

    Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8.

  • CVE-2022-2818 | Aug 15, 2022
    risk 0.00 | cvss | epss 0.01

    Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.

  • CVE-2022-2713 | Aug 8, 2022
    risk 0.00 | cvss | epss 0.01

    Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0.