
62 matches found

OSV
added 2025/12/15 8:15 p.m. | 3 views

GO-2025-4230 1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality in github.com/1Panel-dev/1Panel

1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality in github.com/1Panel-dev/1Panel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...

CVSS 5.1 | AI score 6.7 | EPSS 0.00172
Exploits: 0 | References: 5

Snyk
added 2025/12/10 9:31 p.m. | 1 view

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the panel name management process. An attacker can modify the panel name of a victim's account without their consent by tricking an authenticated user into visiting a malicious webpage that submits...

CVSS 6.1 | AI score 6.7 | EPSS 0.00172
Exploits: 0 | References: 2

Snyk
added 2025/12/10 9:31 p.m. | 1 view

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the panel name management process. An attacker can modify the panel name of a victim's account without their consent by tricking an authenticated user into visiting a malicious webpage that submits...

CVSS 6.1 | AI score 6.4 | EPSS 0.00172
Exploits: 0 | References: 2

EUVD
added 2025/12/10 9:31 p.m. | 3 views

EUVD-2025-202556

1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality...

CVSS 5.1 | AI score 6.4 | EPSS 0.00172
Exploits: 0 | References: 4

OSV
added 2025/12/10 9:31 p.m. | 2 views

GHSA-5XPQ-2VMC-5CQP 1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality

1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that...

CVSS 5.1 | AI score 6.9 | EPSS 0.00172
Exploits: 0 | References: 5

Github Security Blog
added 2025/12/10 9:31 p.m. | 12 views

1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality

1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that...

CVSS 5.1 | AI score 7 | EPSS 0.00172
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2025/12/10 7:16 p.m. | 4 views

CVE-2025-34430

1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that...

CVSS 5.1 | EPSS 0.00172
Exploits: 0 | References: 3

OSV
added 2025/12/10 7:16 p.m. | 2 views

CVE-2025-34430

1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that...

CVSS 4.3 | AI score 6.9
Exploits: 0 | References: 3

CVE
added 2025/12/10 6:23 p.m. | 17 views

CVE-2025-34430

CVE-2025-34430 concerns a CSRF in 1Panel (versions 1.10.33 through 2.0.15) affecting the panel name management functionality. The affected endpoint reportedly lacks CSRF defenses such as anti-CSRF tokens and Origin/Referer validation. An attacker can lure an authenticated user to a malicious page...

CVSS 5.1 | AI score 6.6 | EPSS 0.00172
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2025/12/10 12:00 a.m. | 3 views

PT-2025-50369

Name of the Vulnerable Software and Affected Versions: 1Panel versions 1.10.33 through 2.0.15. Description: 1Panel is affected by a cross-site request forgery (CSRF) issue in the panel name management functionality. The affected functionality lacks CSRF protections, such as anti-CSRF tokens or...

CVSS 5.1 | AI score 6.6 | EPSS 0.00172
Exploits: 0 | References: 6

GitLab Advisory Database
added 2025/12/10 12:00 a.m. | 6 views

1Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality

1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that...

CVSS 5.1 | AI score 7.1 | EPSS 0.00172
Exploits: 0 | References: 6 | Affected Software: 1

BDU FSTEC
added 2025/07/10 12:00 a.m. | 5 views

The vulnerability of Windows operating system storage devices, which allows attackers to perform spoofing attacks

The vulnerability of Windows operating system storage devices is related to improper external management of file names or file paths. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...

CVSS 4 | AI score 7.6 | EPSS 0.01256
Exploits: 0 | References: 2

BDU FSTEC
added 2025/06/23 12:00 a.m. | 6 views

The vulnerability of the server of the surveillance and recording system for AXIS Camera Station Pro allows an intruder to create or modify arbitrary files.

The vulnerability of the surveillance and recording system server for AXIS Camera Station Pro relates to improper external management of file names or files. Exploiting this vulnerability can allow attackers to create or modify arbitrary files...

CVSS 6.1 | AI score 5.6 | EPSS 0.00196
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2025/02/10 12:00 a.m. | 4 views

GNU Binutils security vulnerability

GNU Binutils (GNU Binary Utilities) is a set of programming language utility programs developed by the American GNU community. The programs are primarily designed to work with target files in a variety of formats, and provide connectors, assemblers, and other tools for target files and archives. A...

CVSS 5.3 | AI score 7.9 | EPSS 0.00619
Exploits: 1 | References: 9

BDU FSTEC
added 2024/05/20 12:00 a.m. | 4 views

The vulnerability of the PowerScale OneFS operating system, related to incorrect external management of file names or paths, allows an attacker to trigger a service failure.

The vulnerability of the PowerScale OneFS operating system is related to improper external management of file names or file paths. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 6.4 | AI score 5.5 | EPSS 0.00218
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2024/01/30 12:00 a.m. | 6 views

The vulnerability of Websoft HCM’s automation software for HR processes stems from name management or file path handling errors, allowing attackers to gain access to the file system.

The vulnerability of Websoft HCM’s automation software for HR processes is related to name management or file path handling errors. Exploiting this vulnerability can allow an attacker to gain read access to the file system remotely...

CVSS 7.8 | AI score 5.4
Exploits: 0 | Affected Software: 1

Vulnrichment
added 2024/01/02 9:53 a.m. | 2 views

CVE-2023-50333 Lack of restriction to manage group names for freshly demoted guests

Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names...

CVSS 3.7 | AI score 7.1 | EPSS 0.0032
Exploits: 0 | References: 1

IBM Security Bulletins
added 2023/08/10 10:22 p.m. | 56 views

Security Bulletin: IBM InfoSphere Global Name Management Vulnerable to CVE-2023-30441

Summary: InfoSphere Global Name Management bundles IBM Java as an internal component. A combination of two flaws in the JSSE component and IBMJCEPlus security provider exposes some IBM Java releases to various cryptographic attacks when acting as a TLS server. This vulnerability is addressed...

CVSS 7.5 | AI score 7.5 | EPSS 0.00609
Exploits: 0 | Affected Software: 1

BDU FSTEC
added 2023/02/14 12:00 a.m. | 6 views

The vulnerability of the Automation License Manager software lies in its external name management capabilities. This allows a perpetrator to rename and move files as a system user.

The vulnerability of the Automation License Manager software relates to external name management. Exploiting this vulnerability allows a malicious actor to rename and move files as a system user...

CVSS 8.5 | AI score 7.5 | EPSS 0.00965
Exploits: 0 | References: 3 | Affected Software: 1

IBM Security Bulletins
added 2023/02/07 11:49 p.m. | 40 views

Security Bulletin: Unspecified vulnerability in Java Affects IBM Infosphere Global Name Management (CVE-2022-21496)

Summary: The Java used in IBM Global Name Management has an unspecified vulnerability related to the JNDI component. Within GNM, this issue only affects ENS, a part of GNM 6 installed by a small minority of GNM customers. For GNM customers not using ENS, there is no vulnerability. Vulnerability...

CVSS 5.3 | AI score 6.1 | EPSS 0.02651
Exploits: 0 | Affected Software: 1