CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header...

7.5CVSS7AI score0.01895EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:19 a.m.•4 views

CVE-2019-15491

openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21...

8.8CVSS7AI score0.006EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:36 a.m.•4 views

CVE-2019-15490

openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21...

9.8CVSS7.2AI score0.01656EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:19 a.m.•3 views

CVE-2019-15492

openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21...

6.1CVSS7AI score0.00822EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:14 a.m.•4 views

CVE-2019-15493

openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21...

7.5CVSS7AI score0.0118EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 7:57 a.m.•4 views

CVE-2019-15494

openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21...

9.8CVSS7AI score0.01514EPSS

Exploits0References1

NVD•added 2020/03/25 3:15 p.m.•11 views

CVE-2020-10788

openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections...

9.1CVSS9.2AI score0.0156EPSS

Exploits0References2