tildeslash CVE Vulnerabilities & Metrics

Focus on tildeslash vulnerabilities and metrics.

Last updated: 15 Feb 2026, 23:25 UTC

About tildeslash Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with tildeslash. We track both calendar-based metrics (using fixed periods) and rolling metrics (using sliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total tildeslash CVEs: 4
Earliest CVE date: 24 Nov 2003, 05:00 UTC
Latest CVE date: 28 Jan 2026, 18:16 UTC

Latest CVE reference: CVE-2020-36969

Rolling Stats

30-day Count (Rolling): 2
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical tildeslash CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.44

Max CVSS: 10.0

Critical CVEs (≥9): 2

CVSS Range vs. Count

Range Count
0.0-3.9 3
4.0-6.9 3
7.0-8.9 0
9.0-10.0 2

CVSS Distribution Chart

Top 5 Highest CVSS tildeslash CVEs

These are the five CVEs with the highest CVSS scores for tildeslash, sorted first by severity, then by recency.

All CVEs for tildeslash

CVE-2020-36969 tildeslash vulnerability CVSS: 0 28 Jan 2026, 18:16 UTC

M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.

CVE-2020-36968 tildeslash vulnerability CVSS: 0 28 Jan 2026, 18:16 UTC

M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.

CVE-2022-26563 tildeslash vulnerability CVSS: 0 18 Jul 2023, 14:15 UTC

An issue was discovered in Tildeslash Monit before 5.31.0 that allows remote attackers to gain escalated privileges due to improper PAM authorization.

CVE-2019-11455 tildeslash vulnerability CVSS: 5.5 22 Apr 2019, 16:29 UTC

A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).

CVE-2004-1898 tildeslash vulnerability CVSS: 10.0 31 Dec 2004, 05:00 UTC

Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username.

CVE-2004-1899 tildeslash vulnerability CVSS: 5.0 31 Dec 2004, 05:00 UTC

The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes.

CVE-2003-1083 tildeslash vulnerability CVSS: 10.0 31 Dec 2003, 05:00 UTC

Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request.

CVE-2003-1084 tildeslash vulnerability CVSS: 5.0 24 Nov 2003, 05:00 UTC

Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field.