1Panel cross-site request forgery vulnerability
1Panel is an open source Linux server operation and management panel from China's 1Panel community. A cross-site request forgery vulnerability exists in 1Panel versions 1.10.33 through 2.0.15. The vulnerability stems from the change username feature not implementing CSRF protection, which could...
1Panel cross-site request forgery vulnerability
1Panel is an open source Linux server operation and maintenance management panel from China's 1Panel community. A cross-site request forgery vulnerability exists in 1Panel versions 110.33 through 2.0.15, which stems from a lack of CSRF protection implemented in the panel name management feature,...
CVE-2025-66508
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration, which trusts all IP addresses as proxies (TrustedProxies = 0.0.0.0/0), allowing any client to spoof the X-Forwarded-For header. Since all IP-based access controls...
CVE-2025-66507 1Panel – CAPTCHA Bypass via Client-Controlled Flag
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA...
1Panel security vulnerability
1Panel is an open source Linux server operations and management panel from the Chinese 1Panel community. A security vulnerability exists in 1Panel 2.0.13 and earlier versions, which stems from unvalidated client-side parameters and could lead to CAPTCHA bypass and account takeover...
1Panel – CAPTCHA Bypass via Client-Controlled Flag
A CAPTCHA bypass vulnerability in the 1Panel authentication API allows an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA protections could be bypassed, enabling...
EUVD-2025-27550
Malicious code in bioql PyPI...
CVE-2025-10433
A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argument code can lead to deserialization. The attack can be executed remotely. The exploit has been...
CVE-2025-56413
OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint...
CVE-2025-56413
CVE-2025-56413 affects 1panel v2.0.8, where the OS command injection occurs in the OperateSSH function. An attacker can trigger arbitrary commands via the operation parameter of the /api/v2/hosts/ssh/operate endpoint. This aligns with the reported CVSS: NETWORK vector, HIGH impact (C, I, A). Publ...
PT-2025-37052
Name of the Vulnerable Software and Affected Versions: 1panel version 2.0.8 Description: An OS Command injection issue exists in the OperateSSH function within 1panel. Attackers can execute arbitrary commands by manipulating the operation parameter of the /api/v2/hosts/ssh/operate API endpoint...
Remote Code Execution (RCE)
github.com/1panel-dev/1panel is vulnerable to Remote Code Execution (RCE). The vulnerability is due to incomplete certificate verification during HTTPS communication between the Core and Agent endpoints, which allows an attacker to gain unauthorized access and execute commands with high privileges...
Exploit for Command Injection in Fit2Cloud 1Panel
https://github.com/hophtien/CVE-2025-54424/releases https://gi...
GO-2025-3834 1Panel agent certificate verification bypass leading to arbitrary command execution in github.com/1Panel-dev/1Panel/core
1Panel agent certificate verification bypass leading to arbitrary command execution in github.com/1Panel-dev/1Panel/core. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...