
Cockpit-HQ — Vulnerabilities & Security Advisories (16)

Browse all 16 CVE security advisories affecting Cockpit-HQ. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Cockpit-HQ is a web-based server management interface that provides system administrators with tools for monitoring and controlling Linux servers. Historically, it has been vulnerable to multiple remote code execution flaws, cross-site scripting attacks, and privilege escalation issues, accounting for its 16 recorded CVEs. The platform's security posture has been compromised through authentication bypass vulnerabilities and insecure default configurations, though no major public incidents have been widely documented. Its architecture exposes attack surfaces through web service endpoints and plugin systems, requiring strict access controls and regular updates to mitigate risks associated with its privileged system access capabilities.

Top products by Cockpit-HQ: cockpit-hq/cockpit, Cockpit

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-6626 | Cockpit-HQ Cockpit Asset Handler/Aggregate data query logic injection | Cockpit | CWE-943 | 6.3 | Medium | 2026-04-20 |
| CVE-2026-31891 | Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw() | Cockpit | CWE-89 | 7.7 | High | 2026-03-18 |
| CVE-2023-4451 | Cross-site Scripting (XSS) - Reflected in cockpit-hq/cockpit | cockpit-hq/cockpit | CWE-79 | 5.4 | - | 2023-08-20 |
| CVE-2023-4433 | Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit | cockpit-hq/cockpit | CWE-79 | 5.4 | - | 2023-08-19 |
| CVE-2023-4432 | Cross-site Scripting (XSS) - Reflected in cockpit-hq/cockpit | cockpit-hq/cockpit | CWE-79 | 5.4 | - | 2023-08-19 |
| CVE-2023-4422 | Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit | cockpit-hq/cockpit | CWE-79 | 5.4 | - | 2023-08-18 |
| CVE-2023-4395 | Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit | cockpit-hq/cockpit | CWE-79 | 5.4 | - | 2023-08-17 |
| CVE-2023-4321 | Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit | cockpit-hq/cockpit | CWE-79 | 5.4 | - | 2023-08-14 |
| CVE-2023-4196 | Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit | cockpit-hq/cockpit | CWE-79 | 5.4 | - | 2023-08-06 |
| CVE-2023-4195 | PHP Remote File Inclusion in cockpit-hq/cockpit | cockpit-hq/cockpit | CWE-98 | 8.8 | - | 2023-08-06 |
| CVE-2023-1313 | Unrestricted Upload of File with Dangerous Type in cockpit-hq/cockpit | cockpit-hq/cockpit | CWE-434 | 8.8 | - | 2023-03-10 |
| CVE-2023-1160 | Use of Platform-Dependent Third Party Components in cockpit-hq/cockpit | cockpit-hq/cockpit | CWE-1103 | 7.5 | - | 2023-03-03 |
| CVE-2023-0780 | Improper Restriction of Rendered UI Layers or Frames in cockpit-hq/cockpit | cockpit-hq/cockpit | CWE-1021 | 5.4 | - | 2023-02-11 |
| CVE-2023-0759 | Privilege Chaining in cockpit-hq/cockpit | cockpit-hq/cockpit | CWE-268 | 8.8 | - | 2023-02-09 |
| CVE-2022-2818 | Improper Removal of Sensitive Information Before Storage or Transfer in cockpit-hq/cockpit | cockpit-hq/cockpit | CWE-212 | 9.8 | Critical | 2022-08-15 |
| CVE-2022-2713 | Insufficient Session Expiration in cockpit-hq/cockpit | cockpit-hq/cockpit | CWE-613 | 9.8 | - | 2022-08-08 |

This page lists every published CVE security advisory associated with Cockpit-HQ. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.