CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1272 – Information Disclosure to Source Code in TNB Mobile Solutions' Cockpit Software
https://notcve.org/view.php?id=CVE-2024-1272
05 Jun 2024 — Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before v0.251.1. La inclusión de información confidencial en la vulnerabilidad del código fuente en TNB Mobile Solutions Cockpit Software permite recuperar datos confidenciales incrustados. Este problema afecta a Cockpit Software: anterior a v0.251.1. • https://www.usom.gov.tr/bildirim/tr-24-0601 • CWE-540: Inclusion of Sensitive Information in Source Code •
CVSS: 6.4EPSS: 20%CPEs: 1EXPL: 1CVE-2023-41564
https://notcve.org/view.php?id=CVE-2023-41564
08 Sep 2023 — An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file. Una vulnerabilidad de carga de archivos arbitrarios en la función Upload Asset de Cockpit CMS v2.6.3 permite a los atacantes ejecutar código arbitrario cargando un archivo .shtml manipulado. • https://github.com/sota70/cve-2023-41564-research • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 48%CPEs: 1EXPL: 1CVE-2023-4451 – Cross-site Scripting (XSS) - Reflected in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-4451
20 Aug 2023 — Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. • https://github.com/cockpit-hq/cockpit/commit/30609466c817e39f9de1871559603e93cd4d0d0c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4433 – Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-4433
19 Aug 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4. Cross-Site Scripting (XSS) almacenado en el repositorio de GitHub cockpit-hq/cockpit anterior a 2.6.4. • https://github.com/cockpit-hq/cockpit/commit/36d1d4d256cbbab028342ba10cc493e5c119172c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4432 – Cross-site Scripting (XSS) - Reflected in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-4432
19 Aug 2023 — Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. Vulnerabilidad de Cross-Site Scripting (XSS) reflejado en el repositorio de GitHub cockpit-hq/cockpit anterior a 2.6.4. • https://github.com/cockpit-hq/cockpit/commit/2a93d391fbd2dd9e730f65d43b29beb65903d195 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4422 – Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-4422
18 Aug 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. Se ha encontrado una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en el repositorio GitHub cockpit-hq/cockpit anterior a la versión 2.6.3. • https://github.com/cockpit-hq/cockpit/commit/b8dad5e070608bb5e4ec58fabbee101b5af737cf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4395 – Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-4395
17 Aug 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4. • https://github.com/cockpit-hq/cockpit/commit/36d1d4d256cbbab028342ba10cc493e5c119172c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4321 – Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-4321
14 Aug 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3. • https://github.com/cockpit-hq/cockpit/commit/34ab31ee9362da51b9709e178469dbffd7717249 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4196 – Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-4196
06 Aug 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. • https://github.com/cockpit-hq/cockpit/commit/039a00cc310bff128ca6e6c1c46c6fbad0385c2c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9EPSS: 1%CPEs: 1EXPL: 1CVE-2023-4195 – PHP Remote File Inclusion in cockpit-hq/cockpit
https://notcve.org/view.php?id=CVE-2023-4195
06 Aug 2023 — PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. • https://github.com/cockpit-hq/cockpit/commit/800c05f1984db291769ffa5fdfb1d3e50968e95b • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •