Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
25056.0%HIGH

Related CVEs

5
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2020-36969M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.HIGH8.733.6%Jan 28, 2026
CVE-2020-36968M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.HIGH7.133.6%Jan 28, 2026
CVE-2022-26563An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization.HIGH8.847.2%Jul 18, 2023
CVE-2019-11455A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).HIGH8.186.3%Apr 22, 2019
CVE-2019-11393An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter.NONE79.2%Apr 22, 2019