aapanel CVE 脆弱性と CVE 一覧(8)

製品(CPE): — CVE 件数: 8

aapanel 脆弱性概要

aapanel 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

過去の問題は主に パス処理の欠陥 and vendor risk file inclusion などに関し、一部は ファイル上書き を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 18 / 8 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2026-29859 An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attackers to execute arbitrary code via uploading a crafted file. [email protected] 9.8 0.51% 2026-03-18 2026-06-17
CVE-2026-29858 A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion (LFI), leadingot sensitive information exposure. [email protected] 7.5 0.31% 2026-03-18 2026-06-17
CVE-2026-29856 An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service (ReDoS) via a crafted input. [email protected] 7.5 0.34% 2026-03-18 2026-06-17
CVE-2024-42922 AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability. [email protected] 6.5 0.92% 2025-05-21 2026-06-17
CVE-2022-26252 aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key(id_rsa). [email protected] 6.5 1.75% 2022-03-27 2026-06-17
CVE-2021-37840 aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browser used by a potential victim (e.g., exploitation can occur with Firefox but not Chrome). [email protected] 8.8 1.66% 2021-08-02 2026-06-17
CVE-2020-14950 aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store. [email protected] 8.8 2.60% 2020-06-21 2026-06-16
CVE-2020-14421 aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen. [email protected] 7.2 5.97% 2020-06-18 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence