Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

M/Monit

Source -

CNA

CNA CVEs -

2

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2020-36969
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.07% / 20.19%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 17:35
Updated-03 Feb, 2026 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
M/Monit 3.7.4 - Privilege Escalation

M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.

Action-Not Available
Vendor-tildeslashTildeslash Ltd.
Product-m\/monitM/Monit
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-36968
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.33%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 17:35
Updated-03 Feb, 2026 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
M/Monit 3.7.4 - Password Disclosure

M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.

Action-Not Available
Vendor-tildeslashTildeslash Ltd.
Product-m\/monitM/Monit
CWE ID-CWE-522
Insufficiently Protected Credentials