| CVE-2026-35202 | low | — | 2.5 | 8d ago | Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocat… |
| CVE-2025-49132 | unknown | — | 1.0 | 1y ago | Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution |
| CVE-2026-26016 | unknown | — | — | 4mo ago | Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization |
| CVE-2025-69198 | unknown | — | — | 5mo ago | Pterodactyl improperly locks resources allowing raced queries to create more resources than allotted |
| CVE-2025-69197 | unknown | — | — | 5mo ago | Pterodactyl TOTPs can be reused during validity window |
| CVE-2025-68954 | unknown | — | — | 5mo ago | Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced |
| CVE-2024-49762 | unknown | — | — | 2y ago | Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled |
| CVE-2024-34067 | unknown | — | — | 2y ago | Pterodactyl panel's admin area vulnerable to Cross-site Scripting |
| CVE-2019-1020002 | unknown | — | — | 4y ago | Pterodactyl vulnerable to 2FA Sniffing |
| CVE-2021-41273 | unknown | — | — | 5y ago | Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys |
| CVE-2021-41176 | unknown | — | — | 5y ago | pterodactyl/panel CSRF allowing an external page to trigger a user logout event |
| CVE-2021-41129 | unknown | — | — | 5y ago | Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification |