Fit2cloud 1panel

21 CVEs affecting Fit2cloud 1panel. Latest disclosed: 2026-01-18. Critical: 2, High: 8.

Top CVEs affecting Fit2cloud 1panel
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2024-39911 | Critical | 10.0 | 2024-07-18 | 1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addresse… |
| CVE-2024-39907 | Critical | 9.8 | 2024-07-18 | 1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to a… |
| CVE-2025-56413 | High | 8.8 | 2025-09-10 | OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /… |
| CVE-2025-54424 | High | 8.1 | 2025-08-01 | 1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTP… |
| CVE-2025-66507 | High | 7.5 | 2025-12-09 | 1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA v… |
| CVE-2023-39966 | High | 7.5 | 2023-08-10 | 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct… |
| CVE-2023-39964 | High | 7.5 | 2023-08-10 | 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary im… |
| CVE-2023-37477 | High | 7.2 | 2023-07-18 | 1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality… |
| CVE-2025-34429 | High | 7.1 | 2025-12-10 | 1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoin… |
| CVE-2025-34410 | High | 7.1 | 2025-12-10 | 1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings pan… |
| CVE-2025-66508 | Medium | 6.5 | 2025-12-09 | 1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration which trusts all IP ad… |
| CVE-2024-34352 | Medium | 6.5 | 2024-05-14 | 1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and… |
| CVE-2024-24768 | Medium | 6.5 | 2024-02-05 | 1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword… |
| CVE-2023-39965 | Medium | 6.5 | 2023-08-10 | 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files throug… |
| CVE-2026-23525 | Medium | 6.4 | 2026-01-18 | 1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting (XSS) vulnerability exists in the 1Panel App Store… |
| CVE-2024-2352 | Medium | 6.3 | 2024-03-10 | A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap o… |
| CVE-2024-27288 | Medium | 6.3 | 2024-03-06 | 1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain unauthorized access… |
| CVE-2023-36458 | Medium | 6.3 | 2023-07-05 | 1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious paylo… |
| CVE-2023-36457 | Medium | 6.3 | 2023-07-05 | 1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious paylo… |
| CVE-2025-34430 | Medium | 4.3 | 2025-12-10 | 1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpo… |