Fit2cloud Security Vulnerabilities (CVEs)
Track 32 security vulnerabilities affecting Fit2cloud products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
CVE-2025-15597 is an improper access control vulnerability in Dataease SQLBot up to version 1.4.0 that allows unauthorized access to API endpoints. At...
Mar 2, 2026

CVE-2025-70981 is a critical SQL injection vulnerability in CordysCRM 1.4.1 that allows attackers to execute arbitrary SQL commands through the depart...
Feb 12, 2026

SQLBot versions before 1.5.0 have an authentication bypass vulnerability in the /api/v1/datasource/uploadExcel endpoint. Unauthenticated attackers can...
Jan 21, 2026

This CSRF vulnerability in 1Panel allows attackers to change the web service port when authenticated users visit malicious pages. Affected users are t...
Dec 10, 2025

This CSRF vulnerability in 1Panel allows attackers to change a victim's panel name without consent by tricking them into visiting a malicious webpage ...
Dec 10, 2025

This CSRF vulnerability in 1Panel allows attackers to change authenticated users' usernames without consent via malicious webpages. When exploited, vi...
Dec 10, 2025

CVE-2025-66507 is an authentication bypass vulnerability in 1Panel that allows unauthenticated attackers to disable CAPTCHA verification by manipulati...
Dec 9, 2025

This vulnerability in 1Panel allows attackers to bypass IP-based access controls by spoofing the X-Forwarded-For header. Any client can pretend to be ...
Dec 9, 2025

This CVE describes an open redirect vulnerability in JumpServer's internationalization endpoint. Attackers can craft malicious URLs that redirect user...
Dec 1, 2025

This vulnerability allows low-privileged authenticated users in JumpServer to bypass authorization checks and invoke LDAP configuration tests or synch...
Oct 30, 2025

An authenticated non-privileged user in JumpServer can retrieve connection tokens belonging to all users via the super-connection API endpoint, allowi...
Oct 30, 2025

This CVE describes an OS command injection vulnerability in 1Panel's SSH operation function that allows attackers to execute arbitrary commands on the...
Sep 10, 2025

CVE-2025-54424 is a certificate validation bypass vulnerability in 1Panel web interface that allows attackers to intercept HTTPS communications betwee...
Aug 1, 2025

This vulnerability allows attackers with low-privileged JumpServer accounts to manipulate Kubernetes session configurations to redirect API requests t...
Mar 31, 2025

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery container, which runs with root privileges and data...
Jul 18, 2024

CVE-2024-39907 is a critical SQL injection vulnerability in 1Panel, a web-based Linux server management control panel. The vulnerability allows attack...
Jul 18, 2024

This CVE describes a Jinja2 template injection vulnerability in JumpServer's Ansible component that allows authenticated attackers to execute arbitrar...
Mar 29, 2024

This vulnerability in JumpServer allows remote attackers to bypass command filtering restrictions and execute arbitrary code on affected systems. It a...
Nov 28, 2023

CloudExplorer Lite versions before 1.4.1 contain an authentication bypass vulnerability in the gateway filter. Attackers can access protected API endp...
Oct 30, 2023

This vulnerability allows authenticated users of JumpServer to exploit MongoDB sessions through the WEB CLI interface to execute arbitrary commands, l...
Sep 27, 2023

JumpServer's password reset verification code lacks rate limiting, allowing attackers to brute-force the 6-digit code within its 1-minute validity win...
Sep 27, 2023

This vulnerability in JumpServer exposes the random number seed via API, allowing attackers to predict or replay verification codes used for password ...
Sep 27, 2023

This SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attackers to execute arbitrary SQL commands via the 'sort' parameter in multiple...
Sep 14, 2023

Cloud Explorer Lite versions before 1.4.0 contain an information disclosure vulnerability in user information acquisition functionality. This allows a...
Aug 24, 2023

CVE-2023-39964 is an arbitrary file read vulnerability in 1Panel server management panel that allows attackers to read sensitive configuration files o...
Aug 10, 2023

CVE-2023-39966 is an arbitrary file write vulnerability in 1Panel server management panel that allows attackers to write arbitrary files to the server...
Aug 10, 2023

CVE-2023-38692 is a critical command injection vulnerability in CloudExplorer Lite's module management installation function that allows attackers to ...
Aug 4, 2023

This vulnerability in KubePi allows any authenticated user to elevate privileges to administrator by modifying the 'isadmin' parameter when creating o...
Jul 21, 2023

This CVE describes weak password requirements in the cloudexplorer-lite GitHub repository, allowing attackers to easily guess or brute-force user cred...
Jun 27, 2023

CloudExplorer Lite prior to version 1.1.0 has a missing authorization vulnerability that allows authenticated users to add themselves to any organizat...
May 26, 2023

CloudExplorer Lite has a missing permission check vulnerability that allows users to add themselves to any organization without authorization. This af...
May 26, 2023

This CVE describes an improper access control vulnerability in cloudexplorer-lite that allows unauthorized users to access restricted functionality or...
May 23, 2023

Why Monitor Fit2cloud Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 32+ known vulnerabilities affecting Fit2cloud products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Fit2cloud packages in under 60 seconds. No agents required - completely agentless scanning that works across Fit2cloud deployments.
Free vulnerability database: Access detailed information about every Fit2cloud CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.