11 matches found
PT-2026-42872
Summary: Any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users. The normal server list API filters objects by HasPermission, but the WebSocket stream treats the presence of any authenticated user ...
Attested Tool-Server Admission: A Security Extension to the Model Context Protocol
The Model Context Protocol (MCP) standardizes how a large-language-model (LLM) agent and an external tool server exchange messages, but not trust: a host reads a server's self-declared tool list and dispatches calls, with no notion of which servers it may use, at what sensitivity, or which of a...
CVE-2025-69198
Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) that can exist for an individual server. These resource limits are applied on a per-server basis, and...
EUVD-2025-206300
Pterodactyl improperly locks resources allowing raced queries to create more resources than allotted...
CVE-2025-69198
Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) that can exist for an individual server. These resource limits are applied on a per-server basis, and...
CVE-2025-69198
Pterodactyl panel suffers a race condition in resource locking: before v1.12.0, concurrent requests can bypass per-server resource validation and concurrently create more databases, allocations, or backups than configured, denying resources to other users and potentially exhausting node quotas. T...
CVE-2025-69198 Pterodactyl's improper resource locking allows raced queries to create more resources than allotted
Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) that can exist for an individual server. These resource limits are applied on a per-server basis, and...
CVE-2025-69198
Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) that can exist for an individual server. These resource limits are applied on a per-server basis, and...
CVE-2025-69198 Pterodactyl's improper resource locking allows raced queries to create more resources than allotted
Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) that can exist for an individual server. These resource limits are applied on a per-server basis, and...
CVE-2025-69198 Pterodactyl's improper resource locking allows raced queries to create more resources than allotted
Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) that can exist for an individual server. These resource limits are applied on a per-server basis, and...
PT-2026-3485
Name of the Vulnerable Software and Affected Versions: Pterodactyl versions prior to 1.12.0. Description: Pterodactyl is a game server management panel that applies rate limits to resources like databases, port allocations, and backups on a per-server basis. In versions before 1.12.0, a malicious us...