Lucene search
K

146 matches found

nvd
nvd
added 2026/01/19 8:15 p.m.5 views

CVE-2025-69199

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these...

8.3CVSS0.00251EPSS
Exploits0References1
snyk
snyk
added 2026/01/19 7:48 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to no visible rate limits or monitoring. An attacker can exhaust system resources by opening a large number of connections and transmitting excessive data through the websockets...

8.3CVSS5.6AI score0.00251EPSS
Exploits0References2
osv
osv
added 2026/01/19 7:25 p.m.6 views

CVE-2026-21696 Endless reprocessing/reupload of activity log data due to SQLite max parameters limit not being considered

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...

8.3CVSS5.8AI score0.00475EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/01/19 7:25 p.m.3 views

CVE-2026-21696

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...

8.3CVSS5.7AI score0.00475EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2026/01/19 7:25 p.m.20 views

CVE-2026-21696 Endless reprocessing/reupload of activity log data due to SQLite max parameters limit not being considered

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...

8.3CVSS0.00475EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2026/01/19 7:25 p.m.2 views

CVE-2026-21696 Endless reprocessing/reupload of activity log data due to SQLite max parameters limit not being considered

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...

8.3CVSS5.8AI score0.00475EPSS
Exploits1References3
cve
cve
added 2026/01/19 7:25 p.m.21 views

CVE-2026-21696

Wings (Pterodactyl) security issue CVE-2026-21696 affects version 1.7.0 through before 1.12.0. The bug arises from not honoring SQLite’s max parameter limit (32766) when deleting activity log entries, causing a query to fail with “too many SQL variables.” As a result, processed activity entries a...

8.3CVSS5.8AI score0.00475EPSS
Exploits1References3Affected Software1
osv
osv
added 2026/01/19 7:17 p.m.5 views

CVE-2025-69199 Pterodactyl Wings's websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks under certain circumstances

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these...

8.3CVSS5.6AI score0.00251EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/01/19 7:17 p.m.4 views

CVE-2025-69199 Pterodactyl Wings's websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks under certain circumstances

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these...

8.3CVSS5.5AI score0.00251EPSS
Exploits0References1
cvelist
cvelist
added 2026/01/19 7:17 p.m.20 views

CVE-2025-69199 Pterodactyl Wings's websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks under certain circumstances

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these...

8.3CVSS0.00251EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/01/19 12:0 a.m.7 views

Wings Resource Management Error Vulnerability

Wings is the server control interface for Pterodactyl Panel. In versions 1.7.0 to 1.12.0 of Wings, there was a resource management vulnerability. This vulnerability stemmed from not considering the maximum parameter limits of SQLite, which could lead to exhaustion of the database server’s disk...

8.3CVSS5.8AI score0.00475EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/01/19 12:0 a.m.8 views

PT-2026-3490

Name of the Vulnerable Software and Affected Versions Wings versions 1.7.0 through 1.11.9 Description Wings, the server control plane for Pterodactyl, is affected by an issue where it does not account for SQLite’s maximum parameter limit when handling activity log entries. This allows a...

8.3CVSS5.4AI score0.00475EPSS
Exploits1References13
ptsecurity
ptsecurity
added 2026/01/19 12:0 a.m.4 views

PT-2026-3486

Name of the Vulnerable Software and Affected Versions Wings versions prior to 1.12.0 Description Wings, the server control plane for Pterodactyl, is affected by an issue where websockets lack appropriate rate limiting and throttling. This allows a malicious user to establish numerous connections...

8.3CVSS5.4AI score0.00251EPSS
Exploits0References12
osv
osv
added 2026/01/12 5:39 p.m.6 views

GO-2026-4283 Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced in github.com/pterodactyl/wings

Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced in github.com/pterodactyl/wings...

7.5CVSS6.9AI score0.00218EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/01/09 9:6 a.m.9 views

CVE-2024-34068

Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control GHSA-6rg3-8h8x-5xfv that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. Thi...

6.4CVSS6.5AI score0.00394EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 9:2 a.m.5 views

CVE-2023-25168

Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with GHSA-p8r3-83r8-jwj5 to overwrite files on the host system. In order to use this exploit, an attacker must have an...

9.6CVSS6.8AI score0.00956EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 9:1 a.m.9 views

CVE-2023-25152

Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their...

8.8CVSS6.8AI score0.00682EPSS
Exploits0References1
osv
osv
added 2026/01/06 5:18 p.m.5 views

GHSA-8C39-XPPG-479C Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced

Summary Pterodactyl does not revoke active SFTP connections when a user is removed from a server instance or has their permissions changes with respect to file access over SFTP. This allows a user that was already connected to SFTP to remain connected and access files even after their permissions...

7.5CVSS6.7AI score0.00218EPSS
Exploits0References5
github
github
added 2026/01/06 5:18 p.m.13 views

Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced

Summary Pterodactyl does not revoke active SFTP connections when a user is removed from a server instance or has their permissions changes with respect to file access over SFTP. This allows a user that was already connected to SFTP to remain connected and access files even after their permissions...

7.5CVSS6.8AI score0.00218EPSS
Exploits0References5Affected Software2
snyk
snyk
added 2026/01/06 1:53 a.m.1 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the SFTP access control process. An attacker can maintain unauthorized access to files by remaining connected to SFTP after their permissions have been revoked or after the game server has been deleted...

7.5CVSS6.9AI score0.00218EPSS
Exploits0References2
Rows per page
Query Builder