It Novum
1-12 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24893 | | High | 0.57 | 8.8 | 0.01 | | Apr 14, 2026 | openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows an authenticated user with permission to add or modify hosts to execute arbitrary… |
| CVE-2023-3520 | | | 0.00 | — | 0.00 | | Jul 6, 2023 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6. |
| CVE-2023-36663 | | | 0.00 | — | 0.01 | | Jun 25, 2023 | it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface. |
| CVE-2023-3218 | | | 0.00 | — | 0.00 | | Jun 13, 2023 | Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5. |
| CVE-2020-10788 | | | 0.00 | — | 0.02 | | Mar 25, 2020 | openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections. |
| CVE-2020-10790 | | | 0.00 | — | 0.01 | | Mar 25, 2020 | openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS. |
| CVE-2020-10791 | | | 0.00 | — | 0.01 | | Mar 25, 2020 | app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module. |
| CVE-2020-10792 | | | 0.00 | — | 0.02 | | Mar 20, 2020 | openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header. |
| CVE-2019-15494 | | | 0.00 | — | 0.02 | | Aug 23, 2019 | openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. |
| CVE-2019-15493 | | | 0.00 | — | 0.01 | | Aug 23, 2019 | openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21. |
| CVE-2019-15492 | | | 0.00 | — | 0.01 | | Aug 23, 2019 | openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. |
| CVE-2019-15491 | | | 0.00 | — | 0.01 | | Aug 23, 2019 | openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. |