
2125 matches found

CNNVD
added 2026/01/27 12:0 a.m. | 4 views

Vesta Control Panel (VestaCP) security vulnerabilities

Vesta Control Panel (VestaCP) is an open-source virtual hosting control panel developed by Vesta Control Panel Inc. Version 0.9.8-26 of VestaCP has a security vulnerability caused by insufficient token verification, which may allow unauthorized access to user accounts...

CVSS 9.8 | AI score 5.8 | EPSS 0.00561
Exploits: 0 | References: 5

Krebs on Security
added 2026/01/26 4:11 p.m. | 7 views

Who Operates the Badbox 2.0 Botnet?

The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many...

AI score 5.8
Exploits: 0

OSV
added 2026/01/22 9:41 p.m. | 4 views

GHSA-JP3Q-WWP3-PWV9 Freeform Craft Plugin CP UI (builder/integrations) has Stored Cross-Site Scripting (XSS) issue

Summary: An authenticated, low-privilege user able to create/edit forms can inject arbitrary HTML/JS into the Craft Control Panel CP builder and integrations views. User-controlled form labels and integration metadata are rendered with dangerouslySetInnerHTML without sanitization, leading to store...

CVSS 5.3 | AI score 6 | EPSS 0.00253
Exploits: 1 | References: 5

Positive Technologies
added 2026/01/22 12:0 a.m. | 8 views

PT-2026-7943

Name of the Vulnerable Software and Affected Versions: Solspace Freeform plugin for Craft CMS versions 5.0 through 5.14.6. Description: A low-privilege authenticated user with form creation/editing permissions can inject arbitrary HTML and JavaScript code into the Craft Control Panel builder and...

CVSS 5.1 | AI score 5.5 | EPSS 0.00253
Exploits: 1 | References: 10

NVD
added 2026/01/21 6:16 p.m. | 8 views

CVE-2021-47871

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...

CVSS 8.8 | EPSS 0.00421
Exploits: 0 | References: 4

OSV
added 2026/01/21 6:16 p.m. | 5 views

CVE-2021-47871

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...

CVSS 8.8 | AI score 5.9 | EPSS 0.00421
Exploits: 0 | References: 4

EUVD
added 2026/01/21 5:27 p.m. | 5 views

EUVD-2026-3630

VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'vinterface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload...

CVSS 7.2 | AI score 5 | EPSS 0.00193
Exploits: 0 | References: 5

ATTACKERKB
added 2026/01/21 5:27 p.m. | 4 views

CVE-2021-47871

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...

CVSS 8.8 | AI score 5.6 | EPSS 0.00421
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/01/21 5:27 p.m. | 20 views

CVE-2021-47871 Hestia Control Panel 1.3.2 - Arbitrary File Write

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...

CVSS 8.8 | EPSS 0.00421
Exploits: 0 | References: 4

CVE
added 2026/01/21 5:27 p.m. | 14 views

CVE-2021-47871

CVE-2021-47871 affects Hestia Control Panel 1.3.2. An authenticated attacker can exploit the API endpoint index.php via the v-make-tmp-file command to perform arbitrary file writes, potentially placing SSH keys or other content at arbitrary server paths. Impact is high for confidentiality, integr...

CVSS 8.8 | AI score 5.8 | EPSS 0.00421
Exploits: 0 | References: 4

Vulnrichment
added 2026/01/21 5:27 p.m. | 5 views

CVE-2021-47871 Hestia Control Panel 1.3.2 - Arbitrary File Write

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...

CVSS 8.8 | AI score 5.8 | EPSS 0.00421
Exploits: 0 | References: 4

EUVD
added 2026/01/21 5:27 p.m. | 7 views

EUVD-2026-3620

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...

CVSS 8.8 | AI score 5.8 | EPSS 0.00421
Exploits: 0 | References: 6

CNNVD
added 2026/01/21 12:0 a.m. | 3 views

Vesta Control Panel (VestaCP) Cross-site Scripting Vulnerabilities

Vesta Control Panel (VestaCP) is an open-source virtual hosting control panel developed by Vesta Control Panel Inc. Versions of VestaCP prior to 0.9.8-25 contained a cross-site scripting vulnerability. This vulnerability stemmed from IP interface configurations that allowed...

CVSS 7.2 | AI score 5.6 | EPSS 0.00193
Exploits: 0 | References: 4

CNNVD
added 2026/01/21 12:0 a.m. | 8 views

Hestia Control Panel security vulnerabilities

Hestia Control Panel is an open-source host control panel developed by Hestia. Version 1.3.2 of Hestia Control Panel contains a security vulnerability. This vulnerability stems from arbitrary file writing in the API index.php endpoint, which could allow authenticated attackers to write files...

CVSS 8.8 | AI score 5.9 | EPSS 0.00421
Exploits: 0 | References: 4

Positive Technologies
added 2026/01/21 12:0 a.m. | 10 views

PT-2026-3823

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...

CVSS 8.8 | AI score 5.8 | EPSS 0.00421
Exploits: 0 | References: 5

NVD
added 2026/01/13 11:15 p.m. | 3 views

CVE-2022-50909

Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. Attackers can exploit the insecure 'source' parameter by injecting commands that are executed with root privileges,...

CVSS 8.8 | EPSS 0.021
Exploits: 0 | References: 4

Cvelist
added 2026/01/13 10:51 p.m. | 22 views

CVE-2022-50909 Algo 8028 Control Panel - Remote Code Execution (RCE) (Authenticated)

Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. Attackers can exploit the insecure 'source' parameter by injecting commands that are executed with root privileges,...

CVSS 8.8 | EPSS 0.021
Exploits: 0 | References: 4

Vulnrichment
added 2026/01/13 10:51 p.m. | 2 views

CVE-2022-50909 Algo 8028 Control Panel - Remote Code Execution (RCE) (Authenticated)

Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. Attackers can exploit the insecure 'source' parameter by injecting commands that are executed with root privileges,...

CVSS 8.8 | AI score 8.7 | EPSS 0.021
Exploits: 0 | References: 4

RedhatCVE
added 2026/01/09 12:44 p.m. | 10 views

CVE-2005-1909

The web server control panel in 602LAN SUITE 2004 allows remote attackers to make it more difficult for the administrator to read portions of log files via a "...

CVSS 4.3 | AI score 6.8 | EPSS 0.00992
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 11:52 a.m. | 9 views

CVE-2009-4222

phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request...

CVSS 7.5 | AI score 7.2 | EPSS 0.02199
Exploits: 1 | References: 1