Known Vulnerabilities for Cockpit CMS by Cockpit HQ
Listed below are 10 of the newest known vulnerabilities associated with "Cockpit CMS" by "Cockpit HQ".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-58467 json | Cockpit CMS through 2.14.0 contains a path traversal and local file inclusion vulnerability that allows unauthenticated attac... | Not Provided | 2026-07-02 | 2026-07-08 |
| CVE-2026-57856 json | Cockpit CMS contains a path traversal vulnerability in the Bucket file storage API (/system/buckets/api). The api() method in... | Not Provided | 2026-07-13 | 2026-07-13 |
| CVE-2026-57855 json | Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API (/system/buckets/api). The api() me... | Not Provided | 2026-07-13 | 2026-07-13 |
| CVE-2026-38993 json | Cockpit 2.13.5 and earlier is vulnerable to directory traversal via the Buckets component. This vulnerability allows authenti... | Not Provided | 2026-04-29 | 2026-06-30 |
| CVE-2026-38992 json | Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. Thi... | Not Provided | 2026-04-29 | 2026-04-30 |
| CVE-2026-38991 json | Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component _isFileTypeAllowed function where a ... | Not Provided | 2026-04-29 | 2026-04-29 |
| CVE-2026-34965 json | Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoin... | Not Provided | 2026-04-29 | 2026-04-29 |
| CVE-2026-34262 json | Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer | Not Provided | 2026-04-14 | 2026-04-29 |
| CVE-2026-23695 json | Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Se... | Not Provided | 2026-05-15 | 2026-05-15 |
| CVE-2026-13533 json | A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc:... | Not Provided | 2026-06-29 | 2026-06-29 |