Lucene search
+L

11 matches found

CVE
CVE
added 2023/07/05 8:57 p.m.2597 views

CVE-2023-36458

1Panel is an open source Linux server operation and maintenance panel. Affected versions are

8.8CVSS7.5AI score0.02313EPSS
CVE
CVE
added 2023/07/05 8:57 p.m.2581 views

CVE-2023-36457

1Panel (open-source Linux server operation/maintenance panel) prior to v1.3.6 is affected by a command injection vulnerability when adding container repositories. An authenticated attacker can craft a malicious payload (as demonstrated by the reported payloads in advisories) to trigger code execu...

8.8CVSS7.5AI score0.02313EPSS
CVE
CVE
added 2024/03/10 1:31 a.m.132 views

CVE-2024-2352

1Panel up to 1.10.1-lts is affected by CVE-2024-2352 via command injection in the function baseApi.UpdateDeviceSwap (file /api/v1/toolbox/device/update/swap). The issue arises from untrusted input in the Path argument (example: 123123123\nopen -a Calculator), which can be exploited remotely. Publ...

9.8CVSS6.8AI score0.03044EPSS
Web
CVE
CVE
added 2024/03/06 6:23 p.m.109 views

CVE-2024-27288

1Panel open source Linux server panel vulnerable before version 1.10.1-lts . If a user intercepts a request with Burp to the secure entry point, they can obtain unauthorized access to the console page (no data returned or modifications in some reports). The issue is fixed in v1.10.1-lts; affected...

6.3CVSS6.1AI score0.00471EPSS
CVE
CVE
added 2024/05/09 2:38 p.m.87 views

CVE-2024-34352

CVE-2024-34352 affects the 1Panel project (open source Linux server O&M panel). Prior to v1.10.3-lts, command injection vulnerabilities allow arbitrary file writes and can lead to remote code execution. The root cause involves inadequate input filtering and an exploit path using the mirror config...

7.5CVSS6.8AI score0.01329EPSS
CVE
CVE
added 2023/07/18 6:25 p.m.76 views

CVE-2023-37477

1Panel exposes an OS command injection in its firewall IP endpoint (/hosts/firewall/ip). The vulnerability allows an authenticated attacker to craft input that leads to arbitrary command execution, potentially full system compromise. The issue stems from lack of input validation in the firewall f...

8.8CVSS8AI score0.05354EPSS
Web
CVE
CVE
added 2024/04/18 2:56 p.m.68 views

CVE-2024-30257

CVE-2024-30257 affects 1Panel, an open-source Linux server operations and maintenance panel. The vulnerability arises from password verification using a != comparison instead of the secure hmac.Equal , creating a timing side-channel that could facilitate password guessing. Multiple sources corrob...

5.9CVSS4.5AI score0.0038EPSS
CVE
CVE
added 2025/08/01 11:4 p.m.62 views

CVE-2025-54424

1Panel (Go to Mode C): The CVE-2025-54424 vulnerability affects 1Panel versions 2.0.5 and earlier, where TLS certificate verification between Core and Agent endpoints is incomplete, allowing an attacker to bypass client cert validation and access high-privilege interfaces. This leads to remote co...

9.8CVSS8.1AI score0.00901EPSS
CVE
CVE
added 2025/12/09 1:25 a.m.33 views

CVE-2025-66507

CVE-2025-66507 (1Panel) : 1Panel is affected; versions 2.0.13 and earlier expose a CAPTCHA bypass via a client-controlled parameter that the server trusted without validation. This allows an unauthenticated attacker to bypass CAPTCHA verification, enabling automated login attempts and increasing ...

7.5CVSS6.5AI score0.00405EPSS
CVE
CVE
added 2026/01/18 10:10 p.m.28 views

CVE-2026-23525

CVE-2026-23525 affects 1Panel, a web-based Linux server management panel. The stored XSS vulnerability originates from insufficient sanitization in the MdEditor component (previewOnly) used to render App Store and related content, allowing malicious scripts to run in the user’s browser and potent...

8.4CVSS5.6AI score0.00306EPSS
CVE
CVE
added 2025/12/09 1:37 a.m.22 views

CVE-2025-66508

1Panel (GitHub/Governance: 1Panel) contains a vulnerability where Gin’s default proxy trust config (TrustedProxies = 0.0.0.0/0) causes X-Forwarded-For headers to be trusted, letting attackers bypass IP-based access controls (AllowIPs, API whitelists, localhost checks) by sending X-Forwarded-For: ...

6.5CVSS6.4AI score0.00204EPSS