CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, multiple admin controllers expose DataTable endpoints without authorization checks, allowing any authentic
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability exists in the admin role management interface. In ap
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on f
CtrlPanel is open-source billing software for hosting providers. Prior to version 1.0, a Cross-Site Scripting (XSS) vulnerability exists in the `TicketsController` and `Moderation/TicketsController` d
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer (public/installer/index.php) is vulnerable to unauthenticated Remote Code Executio
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the ticket reply notification system. Unsanitized
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied reque
Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers t
SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administ
A flaw was found in Keycloak. An IDOR (Broken Access Control) vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTi
dpanel is an open source server management panel written in Go. In versions 1.2.0 through 1.7.2, dpanel allows authenticated users to read arbitrary files from the server via the /api/app/compose/get-
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint responsible f
osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the `osctrl-admin` environment configuration. An authenticated administrator can injec
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to execute arbitrary client-side code in the context o
Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects by exploiting empty checkMethodAll
CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI.
Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the
The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: (1) cap
An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With th
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system pat
Page 1+ Next →