Every CVE whose affected-product data names Agentejo Cockpit, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (31)
CVE-2022-2818 — CVSS 9.8 (critical): Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.
CVE-2024-4825 — CVSS 9.8 (critical): A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter…
CVE-2018-15540 — CVSS 9.8 (critical): Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to…
CVE-2020-35131 — CVSS 9.8 (critical): Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in…
CVE-2017-14611 — CVSS 9.1 (critical): SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts…
CVE-2023-1313 — CVSS 8.8 (high): Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1.
CVE-2018-15539 — CVSS 8.8 (high): Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc.
CVE-2023-37650 — CVSS 8.8 (high): A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands.
CVE-2026-31891 — CVSS 7.7 (high): Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is…
CVE-2023-37649 — CVSS 7.5 (high): Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive data.
CVE-2021-32857 — CVSS 6.1 (medium): Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior…
CVE-2023-41564 — CVSS 6.1 (medium): An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via…
CVE-2020-14408 — CVSS 6.1 (medium): An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for…
CVE-2023-1160 — CVSS 5.5 (medium): Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0.
CVE-2024-2001 — CVSS 5.5 (medium): A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload…
CVE-2023-0780 — CVSS 5.4 (medium): Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev.
CVE-2025-7053 — CVSS 3.5 (low): A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file…