Lucene search
K

2125 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:24 a.m.5 views

CVE-2021-28379

web/upload/UploadHandler.php in Vesta Control Panel aka VestaCP through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin...

8.8CVSS6.9AI score0.06033EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:19 a.m.5 views

CVE-2019-18419

A cross-site scripting XSS vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...

6.1CVSS5.7AI score0.00806EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:17 a.m.8 views

CVE-2019-18418

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management...

9.8CVSS7.4AI score0.04003EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:53 a.m.8 views

CVE-2020-10808

Vesta Control Panel VestaCP through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bashlogout to a .bashlogout' substring followed by shell...

9CVSS7AI score0.77261EPSS
Exploits7References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:51 a.m.11 views

CVE-2020-10786

A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs...

9CVSS8AI score0.04843EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:51 a.m.14 views

CVE-2020-10966

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name...

6.5CVSS6.9AI score0.01853EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:49 a.m.4 views

CVE-2020-24061

Cross Site Scripting XSS Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script...

5.4CVSS6.7AI score0.00331EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.8 views

CVE-2021-41083

Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This includes changing any...

8.8CVSS7AI score0.00392EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:28 a.m.10 views

CVE-2019-12792

A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root...

9CVSS7.8AI score0.04859EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/05 9:59 p.m.5 views

EUVD-2026-0824

Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior. Note that attackers must have administrator access to the Craft Control Panel for...

8.6CVSS8.1AI score0.00812EPSS
Exploits1References6
EUVD
EUVD
added 2026/01/05 9:56 p.m.4 views

EUVD-2026-0844

Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential authenticated Remote Code Execution via Twig SSTI. For this to work, users must have administrator access to the Craft Control Panel, and...

7.7CVSS6.7AI score0.00787EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.5 views

iiCMS 代码注入漏洞

iCMS is a software application. It is an efficient and simple content management system built with PHP and MySQL. A code injection vulnerability exists in iCMS 8.0.0 and earlier versions, which stems from an incorrect operation of the parameter config by the Save function in the POST Parameter...

7.2CVSS5.9AI score0.00404EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/12/19 8:18 p.m.3 views

CVE-2025-64400

Control Panel provides an API for pre-registering into an enrollment and organization prior to a user's first login. The API for creating users checks that the account requesting a user creation has edit on the enrollment-level user directory, but is missing a separate check that the enrollment...

4.1CVSS6.7AI score0.00179EPSS
Exploits0References1
Securelist
Securelist
added 2025/12/19 8:0 a.m.10 views

Yet another DCOM object for lateral movement

Introduction If you're a penetration tester, you know that lateral movement is becoming increasingly difficult, especially in well-defended environments. One common technique for remote command execution has been the use of DCOM objects. Over the years, many different DCOM objects have been...

7.2AI score
Exploits0
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.4 views

Palantir Control Panel 安全漏洞

Palantir Control Panel is a centralized management console from Palantir USA. A security vulnerability exists in Palantir Control Panel that stems from a lack of organizational access checks that could lead to unauthorized user creation...

4.1CVSS6.6AI score0.00179EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.7 views

PT-2025-51353

Name of the Vulnerable Software and Affected Versions FreePBX tts module versions prior to 16.0.5 FreePBX tts module versions prior to 17.0.5 Description The Text to Speech tts module for FreePBX, a web-based graphical user interface for Asterisk, contains a SQL injection flaw. Authenticated user...

8.6CVSS7.9AI score0.06127EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2025/12/16 12:0 a.m.149 views

📄 Hestia Control Panel 1.9.3 Code Execution

Hestia Control Panel version 1.9.3 code injection proof of concept exploit written in PHP that leverages cronjobs. ============================================================================================================================================= | Title : Hestia Control Panel 1.9.3 PHP...

7.7AI score
Exploits0
NVD
NVD
added 2025/12/09 4:18 p.m.4 views

CVE-2025-66507

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA...

7.5CVSS0.0039EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-50237

Name of the Vulnerable Software and Affected Versions COMMAX CVD-Axx DVR version 5.1.4 Description The COMMAX CVD-Axx DVR contains weak default administrative credentials, enabling remote password attacks and disclosure of RTSP streams. An attacker can exploit this by sending a POST request to an...

9.3CVSS6.7AI score0.00339EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/11/26 12:0 a.m.3 views

OpenCode USSD Gateway 安全漏洞

OpenCode USSD Gateway is an OpenCode open source gateway software for processing and managing USSD messages. A security vulnerability exists in OpenCode USSD Gateway that originates from an SQL injection in the Session ID parameter in /occontrolpanel/index.php...

9.8CVSS7.8AI score0.00392EPSS
Exploits1References3
Rows per page
Query Builder