github.com/donknap_dpanel vulnerabilities
3 known vulnerabilities affecting github.com/donknap_dpanel.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2025-30206 | P2 | CRITICAL | ≥ 0, < 1.6.1 | 2025-04-15
CVE-2025-30206 [CRITICAL] CWE-321 Dpanel's hard-coded JWT secret leads to remote code execution
### Summary
The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine.
### Details
The Dpanel service, when initiated using its default configuration, includes a hardcoded JWT secret embedded directly within its source code. This securit
ghsa, osv
CVE-2025-66292 | P3 | HIGH | ≥ 0, < 1.9.2 | 2026-01-15
CVE-2025-66292 [HIGH] CWE-22 DPanel has an arbitrary file deletion vulnerability in /api/common/attach/delete interface
### Summary
DPanel has an arbitrary file deletion vulnerability in the `/api/common/attach/delete` interface. Authenticated users can delete arbitrary files on the server via path traversal.
### Details
When a user logs into the administrative backend, this interface can be used to dele
ghsa, osv
CVE-2025-53363 | P4 | MEDIUM | ≥ 1.2.0, ≤ 1.7.2 | 2025-08-22
CVE-2025-53363 [MEDIUM] CWE-22 Dpanel has an arbitrary file read vulnerability
### Summary
Dpanel has an arbitrary file read vulnerability in the `/api/app/compose/get-from-uri` interface. Once logged in to Dpanel, a user can use this interface to read arbitrary files.
### Details
When a user logs into the administrative backend, this interface can read any file on the host/server (given the necessary permissions), which may lead to system information leaka
ghsa, osv