| CVE-2016-5100 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Froxlor guessable password reset token |
| CVE-2026-41236 |
high |
8.8 |
8.8 |
|
|
|
7d ago |
Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning cod… |
| CVE-2026-41234 |
high |
7.6 |
7.6 |
|
|
|
2d ago |
Froxlor is open source server administration software. Prior to version 2.3.7, the `DomainZones.add` API endpoint does not sanitize newline characters in TXT record content. An authenticated customer… |
| CVE-2026-41237 |
unknown |
— |
— |
|
|
|
7d ago |
Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses `\s+` which matches newlines (allowing embedded newlines to pass), TLSA `matchingType=0`… |
| CVE-2026-41235 |
unknown |
— |
— |
|
|
|
7d ago |
Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` as the approved shell list that customers may assign to FTP users. However… |
