5 matches found
CVE-2026-34216
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied request input and used it for dynamic static method calls and object instantiation without any allowli...
EUVD-2026-30983
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied request input and used it for dynamic static method calls and object instantiation without any allowli...
PT-2026-42013
Name of the Vulnerable Software and Affected Versions: CtrlPanel versions prior to 1.2.0
Description: An authenticated admin-level user can achieve Remote Code Execution by supplying an arbitrary class name available in the Composer autoloader. The admin settings update endpoint accepts a fully...
PT-2025-37022
Name of the Vulnerable Software and Affected Versions: WP Blast | SEO & Performance Booster plugin for WordPress versions up to and including 1.8.6
Description: The WP Blast | SEO & Performance Booster plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect...
CVE-2021-38841
Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the systeminfo page in classes/SystemSettings.php with an updatesettings action...