cbcvebase.

Donknap Dpanel vulnerabilities

3 known vulnerabilities affecting donknap/dpanel.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-30206P2CRITICALCVSS 9.8fixed in 1.6.12025-04-15
CVE-2025-30206 [CRITICAL] CWE-321 CVE-2025-30206: Dpanel is a Docker visualization panel system which provides complete Docker management functions. T Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers to analyze the source code, discover the embedded se
nvd
CVE-2025-66292P3HIGHCVSS 8.1fixed in 1.9.22026-01-15
CVE-2025-66292 [HIGH] CWE-22 CVE-2025-66292: DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitr DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal. When a user logs into the administrative backend, this interface can be used to delete files. The
nvd
CVE-2025-53363P4MEDIUMCVSS 4.8v>= 1.2.0, <= 1.7.22025-08-22
CVE-2025-53363 [MEDIUM] CWE-22 CVE-2025-53363: dpanel is an open source server management panel written in Go. In versions 1.2.0 through 1.7.2, dpa dpanel is an open source server management panel written in Go. In versions 1.2.0 through 1.7.2, dpanel allows authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint. The vulnerability exists in the GetFromUri function in app/application/http/controller/compose.go, where the uri parameter is pas
nvd
Donknap Dpanel vulnerabilities | cvebase