11 matches found
CVE-2026-34358
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...
EUVD-2026-30993
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...
EUVD-2026-30984
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution (RCE) because it performs the install.lock check only after including and executing form handler...
PT-2026-42013
Name of the Vulnerable Software and Affected Versions: CtrlPanel versions prior to 1.2.0. Description: An authenticated admin-level user can achieve Remote Code Execution by supplying an arbitrary class name available in the Composer autoloader. The admin settings update endpoint accepts a fully...
CVE-2020-37104
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database...
EUVD-2025-4089
Malicious code in bioql PyPI...
CVE-2025-25203
CtrlPanel is open-source billing software for hosting providers. Prior to version 1.0, a Cross-Site Scripting (XSS) vulnerability exists in the TicketsController and Moderation/TicketsController due to insufficient input validation on the priority field during ticket creation and unsafe rendering o...
CVE-2025-25203
CVE-2025-25203 affects CtrlPanel (open-source billing software). The XSS vulnerability exists in the TicketsController and Moderation/TicketsController due to insufficient input validation on the priority field during ticket creation and unsafe rendering of this field in the moderator panel. Vers...
fossbilling security vulnerability
fossbilling is a free open source solution for efficient billing and customer management. A security vulnerability exists in fossbilling versions prior to 0.5.0 that stems from an error in the business logic...
fossbilling security vulnerability
fossbilling is a free open source solution for efficient billing and customer management. A security vulnerability exists in fossbilling versions prior to 0.5.0 that stems from insufficient access control granularity...
Nightflyza Ubilling Command Injection Vulnerability
Nightflyza Ubilling is an open source ISP billing system, based on PHP and stargazer, by the individual developer Nightflyza. A security vulnerability exists in Ubilling v1.0.9, which stems from Ubilling allowing remote commands to be executed as the root user. An attacker can exploit the vulnerability t...