Openitcockpit
Products
1- 14 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-15494 | | Cri | 0.64 | 9.8 | 0.02 | | Aug 23, 2019 | openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. |
| CVE-2019-15490 | | Cri | 0.64 | 9.8 | 0.02 | | Aug 23, 2019 | openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. |
| CVE-2026-24893 | | Hig | 0.57 | 8.8 | 0.01 | | Apr 14, 2026 | openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows an authenticated user with permission to add or modify hosts to execute arbitrary… |
| CVE-2019-15491 | | Hig | 0.57 | 8.8 | 0.01 | | Aug 23, 2019 | openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. |
| CVE-2019-15493 | | Hig | 0.49 | 7.5 | 0.01 | | Aug 23, 2019 | openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21. |
| CVE-2019-10227 | | Med | 0.43 | 6.1 | 0.01 | | Dec 31, 2019 | openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component. |
| CVE-2019-15492 | | Med | 0.40 | 6.1 | 0.01 | | Aug 23, 2019 | openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. |
| CVE-2026-24892 | | | 0.00 | — | 0.01 | | Feb 20, 2026 | openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. openITCOCKPIT Community Edition 5.3.1 and earlier contains an unsafe PHP deserialization pattern in the processing of changelog entries. Serialized… |
| CVE-2026-24891 | | | 0.00 | — | 0.00 | | Feb 20, 2026 | openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitc_gearman calls… |
| CVE-2020-10788 | | Cri | 0.00 | 9.1 | 0.02 | | Mar 25, 2020 | openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections. |
| CVE-2020-10791 | | Med | 0.00 | 6.5 | 0.01 | | Mar 25, 2020 | app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module. |
| CVE-2020-10790 | | Med | 0.00 | 5.4 | 0.01 | | Mar 25, 2020 | openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS. |
| CVE-2020-10789 | | Cri | 0.00 | 9.8 | 0.02 | | Mar 25, 2020 | openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php. |
| CVE-2020-10792 | | Hig | 0.00 | 7.5 | 0.02 | | Mar 20, 2020 | openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header. |