136 matches found
CVE-2026-24891
openITCOCKPIT prior to 5.4.0 contains an unsafe deserialization sink in the Gearman worker (oitc_gearman) that calls PHP’s unserialize() on job payloads without class restrictions or origin validation. This enables PHP Object Injection when Gearman is exposed to untrusted systems or network acces...
CVE-2026-24891 openITCOCKPIT has Unsafe PHP Deserialization in Gearman Worker Allowing Conditional Object Injection
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitcgearman calls PHP's unserialize on...
PT-2026-21278
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitc gearman calls PHP's unserialize o...
PT-2026-21297
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. openITCOCKPIT Community Edition 5.3.1 and earlier contains an unsafe PHP deserialization pattern in the processing of changelog entries. Serialized changelog data derived fro...
openITCOCKPIT 代码问题漏洞
openITCOCKPIT is an open-source system monitoring software. Versions of openITCOCKPIT 5.3.1 and earlier have code vulnerabilities. These vulnerabilities stem from insecure deserialization points in the Gearman worker implementation, which may lead to PHP object injection attacks...
openITCOCKPIT 代码问题漏洞
openITCOCKPIT is an open-source system monitoring software. Versions of openITCOCKPIT 5.3.1 and earlier have code vulnerabilities. These vulnerabilities stem from unsafe PHP deserialization patterns when processing change log entries, which may lead to potential PHP object injection vulnerabiliti...
CVE-2020-10789
openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php...
CVE-2020-10790
openITCOCKPIT before 3.7.3 has unnecessary files such as Lodash files under the web root, which leads to XSS...
EUVD-2020-3201
Malware in sbrugna...
EUVD-2019-6484
Malware in sbrugna...
EUVD-2019-2238
Malware in sbrugna...
EUVD-2020-3204
Malware in sbrugna...
EUVD-2019-6481
Malware in sbrugna...
EUVD-2020-3203
Malware in sbrugna...
EUVD-2019-6483
Malware in sbrugna...
EUVD-2019-6482
Malware in sbrugna...
EUVD-2019-6480
Malware in sbrugna...
EUVD-2020-3202
Malware in sbrugna...
EUVD-2023-43896
Malicious code in bioql PyPI...
EUVD-2023-40607
Malicious code in bioql PyPI...