Convoypanel Panel vulnerabilities
2 known vulnerabilities affecting convoypanel/panel.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2
Vulnerabilities
CVE-2025-52562 | P2 | CRITICAL | CVSS 10.0 | CWE-22 | Affected versions: >= 3.9.0-rc.3, < 4.4.1 | 2025-06-23
Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal vulnerability in the LocaleController component of Performave Convoy. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious locale and namespace
Source: NVD
CVE-2026-33746 | P2 | CRITICAL | CVSS 9.8 | CWE-287 | Affected versions: >= 3.9.0-beta, < 4.5.1 | 2026-04-02
Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode() method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated time-based claims (exp, nbf, iat) using the StrictV
Source: NVD