Affected Products

Vendor / product matrix with CVE counts sourced from the CPE catalog.

Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
aapanel
16035.8%CRITICAL

Related CVEs

6
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2026-29859An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attackers to execute arbitrary code via uploading a crafted file.CRITICAL9.839.6%Mar 18, 2026
CVE-2026-29858A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion (LFI), leadingot sensitive information exposure.HIGH7.522.4%Mar 18, 2026
CVE-2026-29856An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service (ReDoS) via a crafted input.HIGH7.525.5%Mar 18, 2026
CVE-2024-42922AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability.MEDIUM6.555.8%May 21, 2025
CVE-2022-26252aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key(id_rsa).MEDIUM6.5Mar 27, 2022
CVE-2021-37840aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browser used by a potential victim (e.g., exploitation can occur with Firefox but not Chrome).HIGH8.8Aug 2, 2021