agentejo cockpit

39 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-31891
< 2.13.5
Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enable
7.7 HIGH
CVE-2025-7053
<= 2.11.3
A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of
3.5 LOW
CVE-2024-6656
< 2.13
Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Execu
9.8 CRITICAL
CVE-2024-1272
< 0.251.1
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded
7.5 HIGH
CVE-2024-4825
all versions
A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ p
9.8 CRITICAL
CVE-2024-2001
all versions
A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user
5.5 MEDIUM
CVE-2023-41564
all versions
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary co
6.1 MEDIUM
CVE-2023-4451
<= 2.6.3
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
6.1 MEDIUM
CVE-2023-4433
<= 2.6.3
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
5.4 MEDIUM
CVE-2023-4432
<= 2.6.3
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
6.1 MEDIUM
CVE-2023-4422
< 2.6.3
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
4.8 MEDIUM
CVE-2023-4395
< 2.6.4
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
5.4 MEDIUM
CVE-2023-4321
< 2.4.3
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3.
6.1 MEDIUM
CVE-2023-4196
< 2.6.3
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
5.4 MEDIUM
CVE-2023-4195
< 2.6.3
PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
8.8 HIGH
CVE-2023-37650
<= 2.5.2
A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator
8.8 HIGH
CVE-2023-37649
<= 2.5.2
Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive
7.5 HIGH
CVE-2023-1313
<= 2.4.0
Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1.
8.8 HIGH
CVE-2023-1160
<= 2.3.9
Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0.
5.5 MEDIUM
CVE-2021-32857
<= 0.12.2
Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 an
6.1 MEDIUM
CVE-2023-0780
< 2.3.9
Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev.
5.4 MEDIUM
CVE-2023-0759
< 2.3.8
Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8.
8.8 HIGH
CVE-2022-2818
< 2.2.2
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.
9.8 CRITICAL
CVE-2022-2713
< 2.2.0
Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0.
9.8 CRITICAL
CVE-2021-3698
< 260
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Se
7.5 HIGH
CVE-2021-3660
< 254
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit serve
4.3 MEDIUM
CVE-2020-35131
< 0.6.1
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunctio
9.8 CRITICAL
CVE-2020-35850
all versions
An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: th
6.5 MEDIUM
CVE-2020-35848
< 0.11.2
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
9.8 CRITICAL
CVE-2020-35847
< 0.11.2
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
9.8 CRITICAL
CVE-2020-35846
< 0.11.2
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
9.8 CRITICAL
CVE-2020-14408
all versions
An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows
6.1 MEDIUM
CVE-2019-3804
< 184
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service
7.5 HIGH
CVE-2018-15540
all versions
Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file sy
9.8 CRITICAL
CVE-2018-15539
all versions
Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc.
8.8 HIGH
CVE-2018-15538
all versions
Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities.
6.1 MEDIUM
CVE-2018-11471
all versions
Cockpit 0.5.5 has XSS via a collection, form, or region.
5.4 MEDIUM
CVE-2018-9302
>= 0.4.4 and <= 0.5.5
SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitr
9.1 CRITICAL
CVE-2017-14611
all versions
SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intran
9.1 CRITICAL
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin