11 matches found
EUVD-2026-2730
DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal. When a user logs into the administrative...
EUVD-2025-25585
Malicious code in bioql PyPI...
GHSA-GCQF-PXGG-GW8Q Dpanel has an arbitrary file read vulnerability
Summary: Dpanel has an arbitrary file read vulnerability in the /api/app/compose/get-from-uri interface. Logged in to Dpanel, this interface can be used to read arbitrary files. Details: When a user logs into the administrative backend, this interface can read any files on the host/server given the...
Dpanel has an arbitrary file read vulnerability
Summary: Dpanel has an arbitrary file read vulnerability in the /api/app/compose/get-from-uri interface. Logged in to Dpanel, this interface can be used to read arbitrary files. Details: When a user logs into the administrative backend, this interface can read any files on the host/server given the...
CVE-2025-53363 Dpanel has an arbitrary file read vulnerability
dpanel is an open source server management panel written in Go. In versions 1.2.0 through 1.7.2, dpanel allows authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint. The vulnerability exists in the GetFromUri function in...
Authentication Bypass
Dpanel is vulnerable to Authentication Bypass. The vulnerability stems from a hardcoded JWT secret: the default configuration embeds a static secret, allowing attackers to forge valid tokens and gain unauthorized administrative access...
GO-2025-3612 Dpanel's hard-coded JWT secret leads to remote code execution in github.com/donknap/dpanel
Dpanel's hard-coded JWT secret leads to remote code execution in github.com/donknap/dpanel...
CVE-2025-30206 Dpanel's hard-coded JWT secret leads to remote code execution
Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers ...
CVE-2025-30206
Dpanel uses a hard-coded JWT secret in its default configuration, enabling attackers to forge valid tokens and bypass authentication, potentially gaining full control of the host. The GO-2025-3612 entry cites remote code execution as the outcome of this flaw in github.com/donknap/dpanel. The advi...
GHSA-J752-CJCJ-W847 Dpanel's hard-coded JWT secret leads to remote code execution
Summary: The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. Details: The Dpanel service, when initiated using its default configuration, includes a hardcoded JWT secret embedded directly...
PT-2025-16384
Name of the Vulnerable Software and Affected Versions: Dpanel versions prior to 1.6.1. Description: The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw enables attackers t...