CVE-2026-53519 Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any URL whose raw string starts with /dashboard as an admin-frontend asset request. The check uses strings.HasPrefi...

SUSE CVE-2025-66507

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA...

CVE-2025-66507

CVE-2025-66507 (1Panel) : 1Panel is affected; versions 2.0.13 and earlier expose a CAPTCHA bypass via a client-controlled parameter that the server trusted without validation. This allows an unauthenticated attacker to bypass CAPTCHA verification, enabling automated login attempts and increasing ...

CVE-2025-66507 1Panel – CAPTCHA Bypass via Client-Controlled Flag

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA...

CVE-2023-37889

Cross-Site Request Forgery CSRF vulnerability in WPAdmin WPAdmin AWS CDN plugin = 2.0.13 versions...