| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33746 | Convoy: JWT Signature Verification Bypass Allows Authentication as Arbitrary Users | ConvoyPanel | panel | Critical | 9.8 | 2026-04-02 15:06:06 | Deep Dive |
| CVE-2026-5332 | Xiaopi Panel WAF Firewall demo.php cross site scripting | Xiaopi | Panel | Low | 3.5 | 2026-04-02 13:15:11 | Deep Dive |
| CVE-2026-34456 | Reviactyl: OAuth account takeover via auto-linking | reviactyl | panel | Critical | 9.1 | 2026-04-01 20:00:56 | Deep Dive |
| CVE-2026-4267 | Query Monitor <= 3.20.3 - Reflected Cross-Site Scripting via Request URI | johnbillion | Query Monitor | High | 7.2 | 2026-03-31 11:29:49 | Deep Dive |
| CVE-2026-32117 | grafanacubism-panel : Stored XSS via javascript: URL in panel zoom link (Editor → Viewer) | ekacnet | grafanacubism-panel | High | 7.6 | 2026-03-11 21:28:38 | Deep Dive |
| CVE-2026-26016 | Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization | pterodactyl | panel | High | - | 2026-02-19 15:55:20 | Deep Dive |
| CVE-2025-14014 | Insecure File Upload in NTN Informatics' Smart Panel | NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. | Smart Panel | Critical | 9.8 | 2026-02-12 13:58:37 | Deep Dive |
| CVE-2026-25872 | JUNG Smart Panel 5.1 KNX Unauthenticated Path Traversal | ALBRECHT JUNG GMBH & CO. KG | JUNG Smart Panel 5.1 KNX | Medium | 5.3 | 2026-02-10 22:25:56 | Deep Dive |
| CVE-2026-2122 | Xiaopi Panel WAF Firewall demo.php sql injection | Xiaopi | Panel | Medium | 6.3 | 2026-02-08 01:02:07 | Deep Dive |
| CVE-2025-7014 | Session Hijacking in QRMenumPro's Menu Panel | QR Menu Pro Smart Menu Systems | Menu Panel | Medium | 5.7 | 2026-01-29 13:47:31 | Deep Dive |
| CVE-2025-7013 | IDOR in QRMenumPro's Menu Panel | QR Menu Pro Smart Menu Systems | Menu Panel | Medium | 5.7 | 2026-01-29 13:40:57 | Deep Dive |
| CVE-2020-36945 | WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass | WEBDAMN.COM | WebDamn User Registration & Login System with User Panel | High | 8.2 | 2026-01-28 17:35:07 | Deep Dive |
| CVE-2020-36978 | Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting | Froxlor | Froxlor Froxlor Server Management Panel | Medium | 6.4 | 2026-01-27 18:51:04 | Deep Dive |
| CVE-2021-47872 | SEO Panel < 4.9.0 - 'order_col' Blind SQL Injection | SEO Panel | SEO Panel | High | 7.1 | 2026-01-21 17:27:48 | Deep Dive |
| CVE-2021-47871 | Hestia Control Panel 1.3.2 - Arbitrary File Write | Hestia Control Panel | Hestia Control Panel | High | 8.8 | 2026-01-21 17:27:47 | Deep Dive |
| CVE-2025-69199 | Pterodactyl Wings's websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks under certain circumstances | pterodactyl | panel | - | - | 2026-01-19 19:17:54 | Deep Dive |
| CVE-2025-69198 | Pterodactyl's improper resource locking allows raced queries to create more resources than alloted | pterodactyl | panel | - | - | 2026-01-19 19:05:39 | Deep Dive |
| CVE-2021-47816 | Thecus N4800Eco Nas Server Control Panel - Command Injection | Thecus | Thecus N4800Eco Nas Server Control Panel | High | 8.8 | 2026-01-16 19:09:27 | Deep Dive |
| CVE-2025-40805 | Siemens Industrial Edge Devices Security Vulnerability | Siemens | Industrial Edge Cloud Device (IECD) | Critical | 10.0 | 2026-01-13 09:44:03 | Deep Dive |
| CVE-2025-69197 | Pterodactyl TOTPs can be reused during validity window | pterodactyl | panel | Medium | 6.5 | 2026-01-06 00:44:23 | Deep Dive |