VYPR
Vendor

It Novum

Products: 1
CVEs: 12
Across products: 12
Status: Private

Recent CVEs (12)
  • CVE-2026-24893 | High | Apr 14, 2026
    risk 0.57 | cvss 8.8 | epss 0.01

    openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows an authenticated user with permission to add or modify hosts to execute arbitrary…

  • CVE-2023-3520 | Jul 6, 2023
    risk 0.00 | cvss | epss 0.00

    Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6.

  • CVE-2023-36663 | Jun 25, 2023
    risk 0.00 | cvss | epss 0.01

    it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface.

  • CVE-2023-3218 | Jun 13, 2023
    risk 0.00 | cvss | epss 0.00

    Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5.

  • CVE-2020-10788 | Mar 25, 2020
    risk 0.00 | cvss | epss 0.02

    openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections.

  • CVE-2020-10790 | Mar 25, 2020
    risk 0.00 | cvss | epss 0.01

    openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.

  • CVE-2020-10791 | Mar 25, 2020
    risk 0.00 | cvss | epss 0.01

    app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module.

  • CVE-2020-10792 | Mar 20, 2020
    risk 0.00 | cvss | epss 0.02

    openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header.

  • CVE-2019-15494 | Aug 23, 2019
    risk 0.00 | cvss | epss 0.02

    openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21.

  • CVE-2019-15493 | Aug 23, 2019
    risk 0.00 | cvss | epss 0.01

    openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21.

  • CVE-2019-15492 | Aug 23, 2019
    risk 0.00 | cvss | epss 0.01

    openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21.

  • CVE-2019-15491 | Aug 23, 2019
    risk 0.00 | cvss | epss 0.01

    openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21.