Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

35 matches found

RedhatCVE
RedhatCVEadded 2026/02/21 7:29 p.m.2 views

CVE-2026-24891

openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitcgearman calls PHP's unserialize on...

7.5CVSS5.9AI score0.00177EPSS
Exploits1References1
NVD
NVDadded 2026/02/20 6:25 p.m.3 views

CVE-2026-24891

openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitcgearman calls PHP's unserialize on...

7.5CVSS0.00177EPSS
Exploits1References2
CVE
CVEadded 2026/02/20 5:23 p.m.9 views

CVE-2026-24891

openITCOCKPIT prior to 5.4.0 contains an unsafe deserialization sink in the Gearman worker (oitc_gearman) that calls PHP’s unserialize() on job payloads without class restrictions or origin validation. This enables PHP Object Injection when Gearman is exposed to untrusted systems or network acces...

7.5CVSS5.9AI score0.00177EPSS
Exploits1References2Affected Software1
OSV
OSVadded 2026/02/20 5:23 p.m.3 views

CVE-2026-24891 openITCOCKPIT has Unsafe PHP Deserialization in Gearman Worker Allowing Conditional Object Injection

openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitcgearman calls PHP's unserialize on...

7.5CVSS5.9AI score0.00177EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/02/20 5:23 p.m.4 views

CVE-2026-24891 openITCOCKPIT has Unsafe PHP Deserialization in Gearman Worker Allowing Conditional Object Injection

openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitcgearman calls PHP's unserialize on...

7.5CVSS5.9AI score0.00177EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/02/20 5:23 p.m.19 views

CVE-2026-24891 openITCOCKPIT has Unsafe PHP Deserialization in Gearman Worker Allowing Conditional Object Injection

openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitcgearman calls PHP's unserialize on...

7.5CVSS0.00177EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2026/02/20 12:0 a.m.2 views

PT-2026-21278

openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitc gearman calls PHP's unserialize o...

7.5CVSS5.8AI score0.00177EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/02/20 12:0 a.m.4 views

openITCOCKPIT 代码问题漏洞

openITCOCKPIT is an open-source system monitoring software. Versions of openITCOCKPIT 5.3.1 and earlier have code vulnerabilities. These vulnerabilities stem from insecure deserialization points in the Gearman worker implementation, which may lead to PHP object injection attacks...

7.5CVSS5.9AI score0.00177EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2012-3418

Malware in sbrugna...

2.1CVSS6.1AI score0.00054EPSS
Exploits0References7
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2022-2837

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00045EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2022-2293

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00128EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2025/05/22 7:57 a.m.4 views

CVE-2019-1003082

A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfigdoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS6.6AI score0.00128EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/22 4:12 a.m.9 views

CVE-2019-1003083

A missing permission check in Jenkins Gearman Plugin in the GearmanPluginConfigdoTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS6.6AI score0.00045EPSS
Exploits0References1
Github Security Blog
Github Security Blogadded 2022/05/13 1:25 a.m.19 views

CSRF vulnerability in Jenkins Gearman Plugin

A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfigdoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS6.6AI score0.00128EPSS
Exploits0References5Affected Software1
OSV
OSVadded 2022/05/13 1:25 a.m.13 views

GHSA-449P-7C3P-VF7G CSRF vulnerability in Jenkins Gearman Plugin

A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfigdoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS6.3AI score0.00128EPSS
Exploits0References4
OSV
OSVadded 2022/05/13 1:25 a.m.14 views

GHSA-6PJ9-5Q6J-J97C Missing permission check in Jenkins Gearman Plugin

A missing permission check in Jenkins Gearman Plugin in the GearmanPluginConfigdoTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS6.3AI score0.00045EPSS
Exploits0References4
Github Security Blog
Github Security Blogadded 2022/05/13 1:25 a.m.15 views

Missing permission check in Jenkins Gearman Plugin

A missing permission check in Jenkins Gearman Plugin in the GearmanPluginConfigdoTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS6.5AI score0.00045EPSS
Exploits0References5Affected Software1
CNVD
CNVDadded 2019/08/23 12:0 a.m.2 views

CloudBees Jenkins Gearman Plugin Authorization Issues Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Gearman Plugin is used in one of the highly...

6.5CVSS6.9AI score0.00045EPSS
Exploits0References1
CNVD
CNVDadded 2019/04/11 12:0 a.m.3 views

CloudBees Jenkins Gearman plugin cross-site request forgery vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Gearman Plugin is used in one of the highly...

6.5CVSS6.9AI score0.00128EPSS
Exploits0References1
NVD
NVDadded 2019/04/04 4:29 p.m.14 views

CVE-2019-1003082

A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfigdoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS6.3AI score0.00128EPSS
Exploits0References3
Rows per page
Query Builder