pkg:Packagist/pterodactyl/panel

所有已知漏洞

• CRITICAL10.0CVE-2025-49132Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
  from 0, < 1.11.11
• HIGH8.1CVE-2021-41129Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
  >= 1.0.0, < 1.6.2
• HIGH7.5CVE-2019-1020002Pterodactyl vulnerable to 2FA Sniffing
  from 0, < 0.7.14
• MEDIUM6.5CVE-2025-69198Pterodactyl improperly locks resources allowing raced queries to create more resources than alloted
  from 0, < 1.12.0
• MEDIUM6.5CVE-2025-69197Pterodactyl TOTPs can be reused during validity window
  from 0, < 1.12.0
• MEDIUM6.1CVE-2024-34067Pterodactyl panel's admin area vulnerable to Cross-site Scripting
  from 0, < 1.11.6
• MEDIUM4.6CVE-2024-49762Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled
  from 0, < 1.11.8
• MEDIUM4.3CVE-2021-41273Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys
  from 0, < 1.6.6
• NONE0.0CVE-2021-41176pterodactyl/panel CSRF allowing an external page to trigger a user logout event
  >= 1.0.0, < 1.6.3
• —CVE-2026-35202Pterodactyl has a database resource limit bypass via race condition in Client API
  from 0, < 1.12.3
• —CVE-2026-26016Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization
  from 0, < 1.12.1
• —CVE-2025-68954Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced in github.com/pterodactyl/wings
  from 0, < 1.12.0