38 matches found
SUSE CVE-2025-66292
DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal. When a user logs into the administrative...
GO-2026-4318 DPanel has an arbitrary file deletion vulnerability in /api/common/attach/delete interface in github.com/donknap/dpanel
DPanel has an arbitrary file deletion vulnerability in /api/common/attach/delete interface in github.com/donknap/dpanel...
CVE-2025-66292
DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal. When a user logs into the administrative...
GHSA-VH2X-FW87-4FXQ DPanel has an arbitrary file deletion vulnerability in /api/common/attach/delete interface
Summary DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal. Details When a user logs into the administrative backend, this interface can be used to delete files. The...
DPanel has an arbitrary file deletion vulnerability in /api/common/attach/delete interface
Summary DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal. Details When a user logs into the administrative backend, this interface can be used to delete files. The...
CVE-2025-66292
DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal. When a user logs into the administrative...
CVE-2025-66292
DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal. When a user logs into the administrative...
CVE-2025-66292 DPanel has an arbitrary file deletion vulnerability in /api/common/attach/delete interface
DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal. When a user logs into the administrative...
CVE-2025-66292 DPanel has an arbitrary file deletion vulnerability in /api/common/attach/delete interface
DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal. When a user logs into the administrative...
EUVD-2026-2730
DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal. When a user logs into the administrative...
CVE-2025-66292
DPanel (Go) has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. The Delete function passes the user-supplied path to storage.Local{}.GetSaveRealPath and then os.Remove without sanitizing path traversal (../), with filepath.Join in local.go resolving traversal ...
CVE-2025-66292 DPanel has an arbitrary file deletion vulnerability in /api/common/attach/delete interface
DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal. When a user logs into the administrative...
PT-2026-3062
Name of the Vulnerable Software and Affected Versions DPanel versions prior to 1.9.2 Description DPanel has an arbitrary file deletion issue in the /api/common/attach/delete API endpoint. Authenticated users can delete arbitrary files on the server through path traversal. The issue resides in the...
Dpanel security vulnerabilities
Dpanel is a lightweight Docker visualization panel developed by Donknap, offering comprehensive container management features. Prior to DPanel 1.9.2, there were security vulnerabilities; these vulnerabilities stemmed from path traversal in the/api/common/attach/delete interface, which could lead ...
EUVD-2025-10989
Malicious code in bioql PyPI...
EUVD-2025-25585
Malicious code in bioql PyPI...
Arbitrary File Read
github.com/donknap/dpanel is vulnerable to Arbitrary File Read. The vulnerability is due to improper access control in the /api/app/compose/get-from-uri interface, which allows an attacker logged into Dpanel to read arbitrary files...
GO-2025-3909 Dpanel has an arbitrary file read vulnerability in github.com/donknap/dpanel
Dpanel has an arbitrary file read vulnerability in github.com/donknap/dpanel...
CVE-2025-53363
dpanel is an open source server management panel written in Go. In versions 1.2.0 through 1.7.2, dpanel allows authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint. The vulnerability exists in the GetFromUri function in...
GHSA-GCQF-PXGG-GW8Q Dpanel has an arbitrary file read vulnerability
Summary Dpanel has an arbitrary file read vulnerability in the /api/app/compose/get-from-uri interface.Logged in to Dpanel ,this interface can be used to read arbitrary files. Details When a user logs into the administrative backend, this interface can read any files on the host/sever given the...