fit2cloud 1panel

21 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-23525
< 1.10.34
1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting (XSS) vulnerability e
6.4 MEDIUM
CVE-2025-34430
>= 1.10.33-lts and <= 2.0.15
1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management func
4.3 MEDIUM
CVE-2025-34429
>= 1.10.33-lts and <= 2.0.15
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functiona
7.1 HIGH
CVE-2025-34410
>= 1.10.33-lts and <= 2.0.15
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality a
7.1 HIGH
CVE-2025-66508
< 2.0.14
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configu
6.5 MEDIUM
CVE-2025-66507
< 2.0.14
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated
7.5 HIGH
CVE-2025-56413
all versions
OS command injection vulnerability in function OperateSSH in 1Panel 2.0.8 allowing attackers to execute arbitrary commands via the
8.8 HIGH
CVE-2025-54424
< 2.0.6
1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versi
8.1 HIGH
CVE-2024-39911
>= 1.10.10-lts and < 1.10.12-lts
1Panel is a web-based Linux server management control panel. 1Panel contains an unspecified SQL injection via User-Agent handling.
10.0 CRITICAL
CVE-2024-39907
>= 1.10.9-lts and < 1.10.12-lts
1Panel is a web-based Linux server management control panel. There are many SQL injections in the project, and some of them are no
9.8 CRITICAL
CVE-2024-34352
< 1.10.3-lts
1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command in
6.5 MEDIUM
CVE-2024-30257
< 1.10.3-lts
1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code use
3.9 LOW
CVE-2024-2352
< 1.10.2-lts
A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the functi
6.3 MEDIUM
CVE-2024-27288
< 1.10.1-lts
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp
6.3 MEDIUM
CVE-2024-24768
all versions
1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does
6.5 MEDIUM
CVE-2023-39966
all versions
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulner
7.5 HIGH
CVE-2023-39965
all versions
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can do
6.5 MEDIUM
CVE-2023-39964
all versions
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an
7.5 HIGH
CVE-2023-37477
< 1.4.3
1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in
7.2 HIGH
CVE-2023-36458
< 1.3.6
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacke
6.3 MEDIUM
CVE-2023-36457
< 1.3.6
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacke
6.3 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin