Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Tildeslash Ltd.

Source -

CNA

BOS Name -

N/A

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
3Vulnerabilities found
CVE-2020-36969
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.07% / 20.19%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 17:35
Updated-03 Feb, 2026 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
M/Monit 3.7.4 - Privilege Escalation

M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.

Action-Not Available
Vendor-tildeslashTildeslash Ltd.
Product-m\/monitM/Monit
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-36968
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.33%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 17:35
Updated-03 Feb, 2026 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
M/Monit 3.7.4 - Password Disclosure

M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.

Action-Not Available
Vendor-tildeslashTildeslash Ltd.
Product-m\/monitM/Monit
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2016-7067
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 42.32%
||
7 Day CHG~0.00%
Published-10 Sep, 2018 | 14:00
Updated-06 Aug, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.

Action-Not Available
Vendor-mmonitTildeslash Ltd.
Product-monitmonit
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)