13 matches found
CVE-2025-69198 Pterodactyl's improper resource locking allows raced queries to create more resources than allotted
Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) that can exist for an individual server. These resource limits are applied on a per-server basis, and...
CVE-2021-41273
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email and Generating a node auto-deployment...
CVE-2021-41129
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a confirmationtoken input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can...
Pterodactyl security vulnerability
Pterodactyl is an open source game server administration panel built using PHP, Nodejs and Go. A security vulnerability exists in Pterodactyl version 1.11.11 and earlier, which stems from the fact that a one-time password can be used multiple times before it expires, potentially leading ...
EUVD-2021-2222
Malware in sbrugna...
EUVD-2022-3772
Malicious code in bioql PyPI...
CVE-2025-49132
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it...
Exploit for CVE-2025-49132
CVE-2025-49132 Pterodactyl is a free, open-source game server...
CVE-2025-49132
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it...
CVE-2021-41176
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted...
CVE-2019-1020002
Pterodactyl before 0.7.14 with 2FA allows credential sniffing...
Sensitive Information Exposure
pterodactyl/panel is vulnerable to Sensitive Information Exposure. The vulnerability is due to the insecure handling of passwords in HTTP query parameters, which are logged in plain text when two-factor authentication is disabled. It can allow unauthorized access if an attacker gains access to...
Pterodactyl resource management error vulnerability
Pterodactyl is an open source game server management panel built using PHP, Nodejs and Go. A security vulnerability exists in all versions of Pterodactyl prior to 1.4.4, which stems from defining improper container process limits. A malicious user could consume more resources than expected and...