CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/04/14 8:37 p.m.•0 views

CVE-2026-24893 openITCOCKPIT has Authenticated Command Injection Leading to Remote Code Execution via Host Address Macro Expansion

Cvelist•added 2026/04/14 8:37 p.m.•15 views

CVE-2026-24893 openITCOCKPIT has Authenticated Command Injection Leading to Remote Code Execution via Host Address Macro Expansion

8.8CVSS0.00407EPSS

EUVD•added 2026/04/14 8:37 p.m.•2 views

EUVD-2026-22703

ATTACKERKB•added 2026/04/14 8:37 p.m.•1 views

CVE-2026-24893

Exploits0References4Affected Software1

CVE•added 2026/04/14 8:37 p.m.•4 views

CVE-2026-24893

openITCOCKPIT Community Edition

Exploits0References3Affected Software1

Positive Technologies•added 2026/04/14 12:0 a.m.•1 views

PT-2026-32910

CNNVD•added 2026/04/14 12:0 a.m.•2 views

Exploits0References5

openITCOCKPIT 操作系统命令注入漏洞

openITCOCKPIT is an open-source system monitoring software. Versions of openITCOCKPIT prior to 5.5.2 had a vulnerability related to operating system command injection. This vulnerability stemmed from the unchecked extension of user-controlled attributes to monitoring command templates, allowing...

8.8CVSS6.1AI score0.00407EPSS

RedhatCVE•added 2026/02/22 1:28 a.m.•2 views

CVE-2026-24892

openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. openITCOCKPIT Community Edition 5.3.1 and earlier contains an unsafe PHP deserialization pattern in the processing of changelog entries. Serialized changelog data derived fro...

8.8CVSS6.2AI score0.0032EPSS

Exploits1References1

RedhatCVE•added 2026/02/21 7:29 p.m.•2 views

CVE-2026-24891

openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitcgearman calls PHP's unserialize on...

NVD•added 2026/02/20 9:19 p.m.•1 views

Exploits1References1

CVE-2026-24892

8.8CVSS0.0032EPSS

Exploits1References3

Cvelist•added 2026/02/20 8:55 p.m.•17 views

CVE-2026-24892 openITCOCKPIT has Unsafe Deserialization in openITCOCKPIT Changelog Handling

7.5CVSS0.0032EPSS

Exploits1References3

OSV•added 2026/02/20 8:55 p.m.•1 views

CVE-2026-24892 openITCOCKPIT has Unsafe Deserialization in openITCOCKPIT Changelog Handling

7.5CVSS6.3AI score0.0032EPSS

Exploits1References5

Vulnrichment•added 2026/02/20 8:55 p.m.•1 views

CVE-2026-24892 openITCOCKPIT has Unsafe Deserialization in openITCOCKPIT Changelog Handling

7.5CVSS6.2AI score0.0032EPSS

Exploits1References3

CVE•added 2026/02/20 8:55 p.m.•6 views

CVE-2026-24892

CVE-2026-24892 affects openITCOCKPIT Community Edition 5.3.1 and earlier, with an unsafe PHP deserialization pattern in changelog processing. Serialized data can be unserialized without restricting allowed classes, creating a latent PHP object injection vulnerability that could become an immediat...

8.8CVSS6.3AI score0.0032EPSS

Exploits1References3Affected Software1

NVD•added 2026/02/20 6:25 p.m.•3 views

CVE-2026-24891

7.5CVSS0.00177EPSS

Exploits1References2

Vulnrichment•added 2026/02/20 5:23 p.m.•3 views

CVE-2026-24891 openITCOCKPIT has Unsafe PHP Deserialization in Gearman Worker Allowing Conditional Object Injection

CVE•added 2026/02/20 5:23 p.m.•9 views

Exploits1References2

CVE-2026-24891

openITCOCKPIT prior to 5.4.0 contains an unsafe deserialization sink in the Gearman worker (oitc_gearman) that calls PHP’s unserialize() on job payloads without class restrictions or origin validation. This enables PHP Object Injection when Gearman is exposed to untrusted systems or network acces...

Exploits1References2Affected Software1

OSV•added 2026/02/20 5:23 p.m.•3 views

CVE-2026-24891 openITCOCKPIT has Unsafe PHP Deserialization in Gearman Worker Allowing Conditional Object Injection