📦 1panel
by Fit2cloud
⚠️ Known Vulnerabilities
CVE-2024-39907 is a critical SQL injection vulnerability in 1Panel, a web-based Linux server management control panel. The vulnerability allows attackers to write arbitrary files to the system, leadin...
This CSRF vulnerability in 1Panel allows attackers to change the web service port when authenticated users visit malicious pages. Affected users are those running 1Panel versions 1.10.33 through 2.0.1...
This CSRF vulnerability in 1Panel allows attackers to change authenticated users' usernames without consent via malicious webpages. When exploited, victims are logged out and locked out of their accou...
CVE-2025-66507 is an authentication bypass vulnerability in 1Panel that allows unauthenticated attackers to disable CAPTCHA verification by manipulating client-controlled parameters. This enables auto...
This CVE describes an OS command injection vulnerability in 1Panel's SSH operation function that allows attackers to execute arbitrary commands on the server. Attackers can exploit this by sending spe...
CVE-2025-54424 is a certificate validation bypass vulnerability in the 1Panel web interface that allows attackers to intercept HTTPS communications between Core and Agent endpoints. This leads to unauthor...
CVE-2023-39964 is an arbitrary file read vulnerability in the 1Panel server management panel that allows attackers to read sensitive configuration files on the server. The vulnerability exists in the Load...
CVE-2023-39966 is an arbitrary file write vulnerability in the 1Panel server management panel that allows attackers to write arbitrary files to the server filesystem. This can lead to complete server comp...
This CSRF vulnerability in 1Panel allows attackers to change a victim's panel name without consent by tricking them into visiting a malicious webpage while authenticated. It affects all users running ...
This vulnerability in 1Panel allows attackers to bypass IP-based access controls by spoofing the X-Forwarded-For header. Any client can pretend to be from whitelisted IP addresses like 127.0.0.1, rend...