| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-26016 | Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization | pterodactyl | panel | 高危 | - | 2026-02-19 15:55:20 | Deep Dive |
| CVE-2026-21696 | Endless reprocessing/reupload of activity log data due to SQLite max parameters limit not being considered | pterodactyl | wings | - | - | 2026-01-19 19:25:43 | Deep Dive |
| CVE-2025-69199 | Pterodactyl Wings's websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks under certain circumstances | pterodactyl | panel | - | - | 2026-01-19 19:17:54 | Deep Dive |
| CVE-2025-69198 | Pterodactyl's improper resource locking allows raced queries to create more resources than alloted | pterodactyl | panel | - | - | 2026-01-19 19:05:39 | Deep Dive |
| CVE-2025-69197 | Pterodactyl TOTPs can be reused during validity window | pterodactyl | panel | Medium | 6.5 | 2026-01-06 00:44:23 | Deep Dive |
| CVE-2025-68954 | Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced | pterodactyl | panel | 中危 | - | 2026-01-06 00:31:15 | Deep Dive |
| CVE-2025-49132 | Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution | pterodactyl | panel | Critical | 10.0 | 2025-06-20 16:56:41 | Deep Dive |
| CVE-2024-49762 | Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled | pterodactyl | panel | Medium | 4.6 | 2024-10-24 21:39:25 | Deep Dive |
| CVE-2024-34066 | Arbitrary File Write/Read in Pterodactyl wings | pterodactyl | wings | High | 8.4 | 2024-05-03 17:42:12 | Deep Dive |
| CVE-2024-34067 | Multiple cross site scripting (XSS) vulnerabilities in the admin area of Pterodactyl panel | pterodactyl | panel | Medium | 6.1 | 2024-05-03 17:38:18 | Deep Dive |
| CVE-2024-34068 | Server-side Request Forgery during remote file pull in Pterodactyl wings | pterodactyl | wings | Medium | 6.4 | 2024-05-03 17:34:16 | Deep Dive |
| CVE-2024-27102 | Improper isolation of server file access in github.com/pterodactyl/wings | pterodactyl | wings | Critical | 9.9 | 2024-03-13 20:28:08 | Deep Dive |
| CVE-2023-32080 | Wings vulnerable to escape to host from installation container | pterodactyl | wings | Critical | 9.0 | 2023-05-10 20:07:17 | Deep Dive |
| CVE-2023-25168 | Symbolic Link (Symlink) Following allowing the deletion of files and directories on the host system in wings | pterodactyl | wings | Critical | 9.6 | 2023-02-08 23:43:29 | Deep Dive |
| CVE-2023-25152 | Symbolic Link (Symlink) Following in github.com/pterodactyl/wings | pterodactyl | wings | High | 8.4 | 2023-02-08 18:52:29 | Deep Dive |
| CVE-2021-41273 | Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys | pterodactyl | panel | Medium | 4.3 | 2021-11-17 19:30:12 | Deep Dive |
| CVE-2021-41176 | logout CSRF in Pterodactyl Panel | pterodactyl | panel | Medium | 4.3 | 2021-10-25 16:50:10 | Deep Dive |
| CVE-2021-41129 | Authentication bypass in Pterodactyl | pterodactyl | panel | High | 8.1 | 2021-10-06 20:05:11 | Deep Dive |
| CVE-2021-32699 | Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings | pterodactyl | wings | Medium | 6.5 | 2021-06-22 19:20:10 | Deep Dive |
| CVE-2019-1020002 | Pterodactyl 信息泄露漏洞 | Pterodactyl | Pterodactyl Panel | 高危 | - | 2019-07-29 14:25:23 | Deep Dive |