pkg:Packagist/cockpit-hq/cockpit

All known vulnerabilities

• CRITICAL9.9CVE-2023-4195Cockpit PHP Remote File Inclusion vulnerability
  from 0, < 2.6.3
• CRITICAL9.8CVE-2026-38992Cockpit is vulnerable to arbitrary code execution
  from 0, < 2.14.0
• CRITICAL9.8Cockpit CMS contains an arbitrary file upload vulenrability
  from 0, < 2.7.0
• HIGH8.8Cockpit Vulnerable to Unrestricted Upload of File with Dangerous Type
  from 0, < 2.14.0
• HIGH8.8Cockpit CMS Cross-Site Request Forgery vulnerability
  from 0, < 2.6.0
• HIGH8.8cockpit-hq/cockpit is vulnerable to unrestricted file uploads
  from 0, < 2.4.1
• HIGH8.8privilege chaining in cockpit-hq/cockpit
  from 0, < 2.3.8
• HIGH8.8Cockpit Content Platform vulnerable to 2FA bypass
  from 0, < 2.2.2
• HIGH8.3Cockpit Cross-site Scripting vulnerability
  from 0, <= 2.6.3
• HIGH8.3Cockpit Cross-site Scripting vulnerability
  from 0, <= 2.6.3
• HIGH8.3Cockpit Cross-site Scripting vulnerability
  from 0, <= 2.6.2
• HIGH8.3Cockpit Cross-site Scripting vulnerability
  from 0, < 2.6.3
• HIGH8.1Cockpit Cross-site Scripting vulnerability
  from 0, <= 2.6.3
• HIGH7.7Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()
  from 0, < 2.13.5
• HIGH7.5Cockpit Arbitrary File Upload
  from 0, < 2.4.1
• HIGH7.5Cockpit CMS vulnerable to incorrect access control
  from 0, < 2.6.0
• MEDIUM6.8Cockpit Cross-site Scripting vulnerability
  from 0, < 2.6.3
• MEDIUM6.5Cockpit is vulnerable to directory traversal
  from 0, < 2.14.0
• MEDIUM6.3Cockpit has NoSQL Injection Through Content Aggregation Pipelines
  from 0, < 2.14.0
• MEDIUM6.1Cockpit CMS arbitrary file upload vulnerability
  from 0, <= 2.6.3
• MEDIUM6.1Cockpit Cross-site Scripting vulnerability
  from 0, <= 2.6.3
• MEDIUM5.5Cockpit CMS Cross-Site Scripting vulnerability
• MEDIUM5.5Cockpit Uses Platform-Dependent Third Party Components
  from 0, <= 2.3.9
• MEDIUM5.4Cockpit CMS: Stored cross-site scripting vulnerability in the Set field type's Display template option
  from 0, <= 2.14.0
• MEDIUM5.4Improper Restriction of Rendered UI Layers or Frames in cockpit-hq/cockpit
  from 0, < 2.3.9
• LOW3.5Cockpit - Content Platform vulnerable to XSS through name or email argument names
  from 0, < 2.11.4