100 matches found

Nuclei
added 2 days ago, 28 views

1Panel SQL Injection - Authenticated

1Panel is a web-based Linux server management control panel. There are many SQL injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These SQL injections have been resolved in version 1.10.12-tls. Users are advised to...

CVSS 9.8, AI score 6, EPSS 0.84212
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 9:6 a.m., 3 views

CVE-2024-34352

1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol...

CVSS 7.5, AI score 6.9, EPSS 0.0219
Exploits: 1, References: 1

RedhatCVE
added 2026/01/07 9:12 a.m., 3 views

CVE-2024-2352

A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\nopen -a Calculator leads to...

CVSS 9.8, AI score 9.8, EPSS 0.02668
Exploits: 1, References: 1

OSV
added 2025/12/15 8:15 p.m., 1 view

GO-2025-4230 1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality in github.com/1Panel-dev/1Panel

1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality in github.com/1Panel-dev/1Panel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...

CVSS 5.1, AI score 6.7, EPSS 0.00028
Exploits: 0, References: 5

RedhatCVE
added 2025/12/11 7:0 p.m., 1 view

CVE-2025-34429

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...

CVSS 7.1, AI score 7, EPSS 0.00041
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-1032

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.8, EPSS 0.02668
Exploits: 1, References: 7

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-1995

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.5, EPSS 0.02514
Exploits: 1, References: 4

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-14976

Malicious code in bioql PyPI...

CVSS 8.8, AI score 5, EPSS 0.00309
Exploits: 1, References: 4

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-23409

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.3, EPSS 0.01193
Exploits: 5, References: 5

CNNVD
added 2025/09/10 12:0 a.m., 2 views

1Panel Security Vulnerability

1Panel is an open source Linux server operations and management panel for the Chinese 1Panel community. A security vulnerability exists in 1Panel version 2.0.8, which stems from OS command injection and could lead to the execution of arbitrary commands...

CVSS 8.8, AI score 7.5, EPSS 0.00348
Exploits: 0, References: 3

RedhatCVE
added 2025/08/04 9:33 a.m., 3 views

CVE-2025-54424

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate...

CVSS 9.8, AI score 8.1, EPSS 0.01193
Exploits: 5, References: 1

NVD
added 2025/08/01 11:15 p.m., 3 views

CVE-2025-54424

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate...

CVSS 9.8, EPSS 0.01193
Exploits: 5, References: 3

Vulnrichment
added 2025/08/01 11:4 p.m., 3 views

CVE-2025-54424 1Panel Agent Bypasses Certificate Verification Leading to Arbitrary Command Execution

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate...

CVSS 8.1, AI score 7.1, EPSS 0.01193
Exploits: 5, References: 3

Cvelist
added 2025/08/01 11:4 p.m., 7 views

CVE-2025-54424 1Panel Agent Bypasses Certificate Verification Leading to Arbitrary Command Execution

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate...

CVSS 8.1, EPSS 0.01193
Exploits: 5, References: 3

OSV
added 2025/08/01 11:4 p.m., 4 views

CVE-2025-54424 1Panel Agent Bypasses Certificate Verification Leading to Arbitrary Command Execution

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate...

CVSS 8.1, AI score 7.2, EPSS 0.01193
Exploits: 5, References: 5

CVE
added 2025/08/01 11:4 p.m., 37 views

CVE-2025-54424

1Panel (Go to Mode C): The CVE-2025-54424 vulnerability affects 1Panel versions 2.0.5 and earlier, where TLS certificate verification between Core and Agent endpoints is incomplete, allowing an attacker to bypass client cert validation and access high-privilege interfaces. This leads to remote co...

CVSS 9.8, AI score 8.1, EPSS 0.01193
Exploits: 5, References: 3, Affected Software: 1

OSV
added 2025/08/01 6:10 p.m., 5 views

GHSA-8J63-96WH-WH3J 1Panel agent certificate verification bypass leading to arbitrary command execution

Project Address: Project Address 1Panel Official website: https://www.1panel.cn/ Time: 2025 07 26 Version: 1panel V2.0.5 Vulnerability Summary - First, we introduce the concepts of 1panel v2 Core and Agent. After the new version is released, 1panel adds the node management function, which allows...

CVSS 8.1, AI score 6.2, EPSS 0.01193
Exploits: 5, References: 6

Github Security Blog
added 2025/08/01 6:10 p.m., 16 views

1Panel agent certificate verification bypass leading to arbitrary command execution

Project Address: Project Address 1Panel Official website: https://www.1panel.cn/ Time: 2025 07 26 Version: 1panel V2.0.5 Vulnerability Summary - First, we introduce the concepts of 1panel v2 Core and Agent. After the new version is released, 1panel adds the node management function, which allows...

CVSS 9.8, AI score 7.2, EPSS 0.01193
Exploits: 5, References: 6, Affected Software: 1

GitLab Advisory Database
added 2025/08/01 12:0 a.m., 8 views

1Panel agent certificate verification bypass leading to arbitrary command execution

First, we introduce the concepts of 1panel v2 Core and Agent. After the new version is released, 1panel adds the node management function, which allows you to control other hosts by adding nodes. - The HTTPS protocol used for communication between the Core and Agent sides did not fully verify the...

CVSS 9.8, AI score 7.2, EPSS 0.01193
Exploits: 5, References: 7, Affected Software: 1

RedhatCVE
added 2025/05/23 9:58 a.m., 3 views

CVE-2024-27288

1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain unauthorized access to the console page. The vulnerability has been fixed in v1.10.1-lts. There are no known workarounds...

CVSS 6.3, AI score 6.6, EPSS 0.00593
Exploits: 1, References: 1