19 matches found
ajenti race condition vulnerability
Ajenti is an open-source Linux and BSD-based modular server management panel developed by ajenti. Prior to version 0.112, there was a race condition vulnerability in Ajenti. This vulnerability allowed for bypassing of user authentication within a short period after authentication was performed...
CVE-2026-35175
Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user using the authusers plugin authentication method could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15...
VulnCheck KEV: CVE-2023-39964
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the...
CVE-2026-33746
Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...
EUVD-2026-8832
Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13...
PT-2026-22120
Name of the Vulnerable Software and Affected Versions: Ajenti versions prior to 2.2.13. Description: Ajenti is a modular server admin panel for Linux and BSD. Before version 2.2.13, an unauthenticated user could gain access to a server and execute arbitrary code. The issue is resolved in version...
ajenti operating system command injection vulnerability
ajenti is an open-source Linux and BSD-based modular server management panel developed by ajenti. Version 2.1.36 of ajenti contains a vulnerability related to operating system command injection. This vulnerability stems from an authentication bypass, which could allow remote attackers to execute...
CVE-2025-66508
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration, which trusts all IP addresses as proxies (TrustedProxies = 0.0.0.0/0), allowing any client to spoof the X-Forwarded-For header. Since all IP-based access controls...
PT-2025-49760
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration, which trusts all IP addresses as proxies (TrustedProxies = 0.0.0.0/0), allowing any client to spoof the X-Forwarded-For header. Since all IP-based access controls...
The vulnerability of the 1Panel Linux server control panel, related to the lack of security measures for SQL query structures, allows attackers to gain unauthorized access to protected information and execute arbitrary code.
The vulnerability of the 1Panel Linux server’s control panel is related to the lack of measures taken to protect the SQL query structure when processing the orderBy parameter. Exploiting this vulnerability allows an attacker to gain unauthorized access to protected information and execute arbitra...
1Panel command injection vulnerability
1Panel is an open source Linux server operations and management panel for the Chinese 1panel community. A command injection vulnerability exists in versions prior to 1Panel v1.10.3-lts. The vulnerability stems from the presence of a command injection issue that can lead to arbitrary file writing...
Redeye - A Tool Intended To Help You Manage Your Data During A Pentest Operation
This project was built by pentesters for pentesters. Redeye is a tool intended to help you manage your data during a pentest operation in the most efficient and organized way. The Developers Daniel Arad - @dandanarad && Elad Pticha - @eladpt Overview The Server panel will display all added server...
1Panel Security Vulnerability
1Panel is an open source Linux server O&M panel for the Chinese 1panel community. A security vulnerability exists in 1Panel version 1.4.3. An attacker can exploit the vulnerability to download arbitrary files through the API interface...
1Panel Security Vulnerability
1Panel is an open source Linux server operations and management panel for the Chinese 1panel community. A security vulnerability exists in 1Panel version 1.4.3, which stems from a lack of parameter filtering...
U.S. Dept Of Defense: Unauthorized Access to Internal Server Panel without Authentication
The server can be accessed without any authentication and it contains information that should not be kept public for anyone. I advise you to take a look at whether this data is sensitive or not! References ███████ Impact There might be sensitive info that should not have to be leaked to public. System Hos...
Stored Cross-site Scripting (XSS)
andreapollastri/cipi is vulnerable to stored cross-site scripting. The vulnerability exists in the /api/servers name field when adding a new server on the server panel: the field does not properly filter its parameters, which allows an attacker to inject and execute arbitrary JavaScript...
Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting (Authenticated) Vulnerability
Exploit Title: Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting XSS Authenticated Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://cipi.sh/ Software Link: https://cipi.sh/ Version: 3.1.15 Tested on: Ubuntu When the user wants to add a new server on the "Server" panel, in...
Cipi Control Panel 3.1.15 Cross Site Scripting
Exploit Title: Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting XSS Authenticated Date: 24.02.2022 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://cipi.sh/ Software Link: https://cipi.sh/ Version: 3.1.15 Tested on: Ubuntu When the user wants to add a new server on the...
Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting XSS Authenticated Date: 24.02.2022 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://cipi.sh/ Software Link: https://cipi.sh/ Version: 3.1.15 Tested on: Ubuntu When the user wants to add a new server on the...