Vulnerabilities in pterodactyl

21 results
CVE-2025-49132 | CRITICAL | Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution | EPSS 13.1%
CVE-2021-41129 | HIGH | Authentication bypass in Pterodactyl | EPSS 1.7%
CVE-2019-1020002 | Pterodactyl before 0.7.14 with 2FA allows credential sniffing. | EPSS 1.5%
CVE-2023-25168 | CRITICAL | Symbolic Link (Symlink) Following allowing the deletion of files and directories on the host system in wings | EPSS 1.0%
CVE-2023-32080 | CRITICAL | Wings vulnerable to escape to host from installation container | EPSS 0.9%
CVE-2023-25152 | HIGH | Symbolic Link (Symlink) Following in github.com/pterodactyl/wings | EPSS 0.7%
CVE-2024-27102 | CRITICAL | Improper isolation of server file access in github.com/pterodactyl/wings | EPSS 0.5%
CVE-2024-34066 | HIGH | Arbitrary File Write/Read in Pterodactyl wings | EPSS 0.5%
CVE-2021-41176 | MEDIUM | logout CSRF in Pterodactyl Panel | EPSS 0.5%
CVE-2026-21696 | HIGH | Endless reprocessing/reupload of activity log data due to SQLite max parameters limit not being considered | EPSS 0.5%
CVE-2024-34067 | MEDIUM | Multiple cross site scripting (XSS) vulnerabilities in the admin area of Pterodactyl panel | EPSS 0.5%
CVE-2024-34068 | MEDIUM | Server-side Request Forgery during remote file pull in Pterodactyl wings | EPSS 0.4%
CVE-2021-41273 | MEDIUM | Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys | EPSS 0.4%
CVE-2025-69197 | MEDIUM | Pterodactyl TOTPs can be reused during validity window | EPSS 0.3%
CVE-2026-26016 | CRITICAL | Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization | EPSS 0.3%
CVE-2021-32699 | MEDIUM | Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings | EPSS 0.3%
CVE-2025-69199 | HIGH | Pterodactyl Wings's websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks under certain circumstances | EPSS 0.3%
CVE-2025-68954 | HIGH | Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced | EPSS 0.2%
CVE-2025-69198 | MEDIUM | Pterodactyl's improper resource locking allows raced queries to create more resources than allotted | EPSS 0.2%
CVE-2026-35202 | LOW | Pterodactyl has a database resource limit bypass via race condition in Client API | EPSS 0.2%