cbcvebase.

Github.Com Donknap Dpanel vulnerabilities

3 known vulnerabilities affecting github.com/donknap_dpanel.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-30206P2CRITICAL≥ 0, < 1.6.12025-04-15
CVE-2025-30206 [CRITICAL] CWE-321 Dpanel's hard-coded JWT secret leads to remote code execution Dpanel's hard-coded JWT secret leads to remote code execution ### Summary The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. ### Details The Dpanel service, when initiated using its default configuration, includes a hardcoded JWT secret embedded directly within its source code. This securit
ghsaosv
CVE-2025-66292P3HIGH≥ 0, < 1.9.22026-01-15
CVE-2025-66292 [HIGH] CWE-22 DPanel has an arbitrary file deletion vulnerability in /api/common/attach/delete interface DPanel has an arbitrary file deletion vulnerability in /api/common/attach/delete interface ### Summary DPanel has an arbitrary file deletion vulnerability in the `/api/common/attach/delete` interface. Authenticated users can delete arbitrary files on the server via path traversal. ### Details When a user logs into the administrative backend, this interface can be used to dele
ghsaosv
CVE-2025-53363P4MEDIUM≥ 1.2.0, ≤ 1.7.22025-08-22
CVE-2025-53363 [MEDIUM] CWE-22 Dpanel has an arbitrary file read vulnerability Dpanel has an arbitrary file read vulnerability ### Summary Dpanel has an arbitrary file read vulnerability in the /api/app/compose/get-from-uri interface.Logged in to Dpanel ,this interface can be used to read arbitrary files. ### Details When a user logs into the administrative backend, this interface can read any files on the host/sever (given the necessary permissions), which may lead to system information leaka
ghsaosv
Github.Com Donknap Dpanel vulnerabilities | cvebase