hestiacp control_panel の CVE(15 件)

CVE 件数: 15 CPE versions: View versions table

概要

本ページは hestiacp control_panel に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。

表示中 115 / 15 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2021-47871 Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the server. [email protected] 8.6 0.42% 2026-01-21 2026-06-17
CVE-2023-5839 Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9. [email protected] 7.8 0.29% 2023-10-28 2026-06-17
CVE-2023-3479 Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. [email protected] 6.1 1.28% 2023-06-30 2026-06-17
CVE-2021-30071 A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. [email protected] 6.1 0.48% 2022-08-18 2026-06-16
CVE-2022-2636 Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. [email protected] 8.5 1.08% 2022-08-05 2026-06-17
CVE-2022-2626 Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. [email protected] 7.2 1.05% 2022-08-05 2026-06-17
CVE-2022-2550 OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. [email protected] 8.8 47.49% 2022-07-27 2026-06-17
CVE-2022-1509 Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context. [email protected] 9.9 4.59% 2022-04-28 2026-06-17
CVE-2022-0986 Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. [email protected] 6.1 0.85% 2022-03-16 2026-06-17
CVE-2022-0752 Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. [email protected] 6.1 0.95% 2022-03-04 2026-06-17
CVE-2022-0838 Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. [email protected] 6.1 1.08% 2022-03-04 2026-06-17
CVE-2022-0753 Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. [email protected] 6.1 0.82% 2022-03-03 2026-06-17
CVE-2021-3797 hestiacp is vulnerable to Use of Wrong Operator in String Comparison [email protected] 9.8 1.11% 2021-09-15 2026-06-17
CVE-2021-27231 Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages. [email protected] 5.4 1.41% 2021-02-15 2026-06-16
CVE-2020-10966 In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name. [email protected] 6.5 1.85% 2020-03-25 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence