
9 matches found

RedhatCVE
added yesterday, 2 views

CVE-2026-41231

Froxlor is open source server administration software. Prior to version 2.3.6, DataDump.add constructs the export destination path from user-supplied input without passing the $fixedhomedir parameter to FileDir::makeCorrectDir, bypassing the symlink validation that was added to all other...

CVSS 7.5 | AI score 5.6 | EPSS 0.00087
Exploits: 1 | References: 1

RedhatCVE
added yesterday, 3 views

CVE-2026-41236

Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorizedkeys under a customer-controlled home directory without...

CVSS 8.8 | AI score 5.6 | EPSS 0.00063
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 5:40 a.m., 1 views

CVE-2023-0564

Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10...

CVSS 7.5 | AI score 7.7 | EPSS 0.00181
Exploits: 1 | References: 1

Cvelist
added 2024/01/03 10:34 p.m., 11 views

CVE-2023-50256 Froxlor username/surname AND company field Bypass

Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements...

CVSS 7.5 | AI score 7.7 | EPSS 0.00059
Exploits: 1 | References: 3

ATTACKERKB
added 2023/06/11 11:15 a.m., 0 views

CVE-2023-3192

Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0...

CVSS 5.4 | AI score 5.7 | EPSS 0.0016
Exploits: 1 | References: 3

0day.today
added 2023/02/27 12:0 a.m., 432 views

Froxlor 2.0.6 Remote Command Execution Exploit

Froxlor versions 2.0.6 and below suffer from a bug that allows authenticated users to change the application logs path to any directory on the OS level which the user www-data can write without restrictions from the backend which leads to writing a malicious Twig template that the application wil...

CVSS 8.8 | AI score 8.6 | EPSS 0.89127
Exploits: 8

SUSE CVE
added 2023/02/15 3:21 a.m., 2 views

SUSE CVE-2023-0671

Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10...

CVSS 9.9 | AI score 9.4 | EPSS 0.00513
Exploits: 1 | References: 3

CNNVD
added 2023/01/29 12:0 a.m., 2 views

Froxlor Security Vulnerability

Froxlor is a lightweight server management software from the Froxlor team. A security vulnerability exists in Froxlor versions prior to 2.0.10 that stems from certain errors in the business logic...

CVSS 5.5 | AI score 5.3 | EPSS 0.00207
Exploits: 1 | References: 3

Prion
added 2018/06/26 4:29 p.m., 10 views

Information disclosure

Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in the Domain name form that can result in possible information disclosure and remote code execution. This attack appears to be exploitable via passing a malicious PHP object in $_POST['ssl_ipandport']. This vulnerability appears to...

CVSS 6.5 | AI score 7.5 | EPSS 0.02568
Exploits: 0 | References: 2 | Affected Software: 1