Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to...
4.6CVSS
4.6AI Score
0.001EPSS
it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API...
8.8CVSS
9AI Score
0.001EPSS
Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to...
4.4CVSS
4.9AI Score
0.001EPSS
openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket...
9.1CVSS
9.2AI Score
0.001EPSS
app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana...
6.5CVSS
6.1AI Score
0.001EPSS
openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to...
5.4CVSS
5.5AI Score
0.001EPSS
openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in...
9.8CVSS
9.8AI Score
0.002EPSS
openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host...
7.5CVSS
7.5AI Score
0.002EPSS
6.1CVSS
5.9AI Score
0.001EPSS
9.8CVSS
9.5AI Score
0.002EPSS
8.8CVSS
8.7AI Score
0.001EPSS
9.8CVSS
9.4AI Score
0.002EPSS
6.1CVSS
6.3AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.001EPSS