| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-68954 | Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced | pterodactyl | panel | 中危 | - | 2026-01-06 00:31:15 | Deep Dive |
| CVE-2025-64400 | Insufficient permission checks when pre-enrolling users Summary | Palantir | com.palantir.controlpanel:control-panel | Medium | 4.1 | 2025-12-18 19:32:30 | Deep Dive |
| CVE-2025-12961 | Download Panel <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification | arkadiykilesso | Download Panel (Biggiko Team) | Medium | 4.3 | 2025-11-18 08:27:37 | Deep Dive |
| CVE-2025-11722 | Category and Products Accordion Panel <= 1.0 - Authenticated (Contributor+) Local File Inclusion | ikhodal | Woocommerce Category and Products Accordion Panel | High | 7.5 | 2025-10-15 08:25:56 | Deep Dive |
| CVE-2018-25117 | VestaCP Debian Installer Malicious Backdoor Supply Chain Compromise | Vesta | Control Panel (CP) | - | - | 2025-10-15 01:23:35 | Deep Dive |
| CVE-2025-0616 | SQLi in Teknolojik Center Telecommunication's B2B - Netsis Panel | Teknolojik Center Telecommunication Industry Trade Co. Ltd. | B2B - Netsis Panel | High | 8.2 | 2025-10-03 08:05:09 | Deep Dive |
| CVE-2025-48703 | Control Web Panel 操作系统命令注入漏洞 | centos-webpanel | CentOS Web Panel | Critical | 9.0 | 2025-09-19 00:00:00 | Deep Dive |
| CVE-2025-53783 | Microsoft Teams Remote Code Execution Vulnerability | Microsoft | Microsoft Teams for Android | High | 7.5 | 2025-08-12 17:10:41 | Deep Dive |
| CVE-2025-30033 | Siemens多款产品 代码问题漏洞 | Siemens | Automation License Manager V6.0 | High | 7.8 | 2025-08-12 11:16:57 | Deep Dive |
| CVE-2025-53534 | RatPanel can perform remote command execution without authorization | tnb-labs | panel | - | - | 2025-08-05 20:58:56 | Deep Dive |
| CVE-2025-4407 | Application does not invalidate session after password reset | ABB | Lite Panel Pro | Medium | 6.7 | 2025-06-30 11:16:40 | Deep Dive |
| CVE-2025-52562 | Convey Panel Directory Traversal in LocaleController leading to Remote Code Execution | ConvoyPanel | panel | Critical | 10.0 | 2025-06-23 20:48:17 | Deep Dive |
| CVE-2025-49132 | Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution | pterodactyl | panel | Critical | 10.0 | 2025-06-20 16:56:41 | Deep Dive |
| CVE-2025-5928 | WP Sliding Login/Dashboard Panel <= 2.1.1 - Cross-Site Request Forgery to Settings Update | fay-1 | WP Sliding Login/Dashboard Panel | Medium | 4.3 | 2025-06-13 01:47:51 | Deep Dive |
| CVE-2025-46352 | Consilium Safety CS5000 Fire Panel Use of Hard-coded Credentials | Consilium Safety | CS5000 Fire Panel | Critical | 9.8 | 2025-05-29 23:18:34 | Deep Dive |
| CVE-2025-41438 | Consilium Safety CS5000 Fire Panel Initialization of a Resource with an Insecure Default | Consilium Safety | CS5000 Fire Panel | Critical | 9.8 | 2025-05-29 23:17:18 | Deep Dive |
| CVE-2025-39556 | WordPress Mediavine Control Panel plugin <= 2.10.6 - Sensitive Data Exposure vulnerability | mediavine | Mediavine Control Panel | Medium | 5.3 | 2025-04-16 12:44:35 | Deep Dive |
| CVE-2025-2002 | Schneider Electric EcoStruxure Panel Server 日志信息泄露漏洞 | Schneider Electric | EcoStruxure Panel Server | Medium | 6.0 | 2025-03-12 15:25:20 | Deep Dive |
| CVE-2025-2189 | Information Disclosure Vulnerability in Tinxy Smart Devices | Mogify Infotech | Tinxy Wi-Fi Lock Controller v1 RF | 中危 | - | 2025-03-11 11:40:20 | Deep Dive |
| CVE-2024-13147 | SQLi in Merkur Software's B2B Login Panel | Merkur Software | B2B Login Panel | Critical | 9.8 | 2025-03-05 14:06:04 | Deep Dive |