1panel-dev

Top products

The 15 most recently published vulnerabilities affecting 1panel-dev.

• CVE-2026-105671Panel-dev CordysCRM ModuleFormController ModuleFormService.java save cross site scripting3.5Jun 2, 2026
• CVE-2026-105141Panel-dev CordysCRM RequestParamTrimConfig.java cross site scripting2.4Jun 1, 2026
• CVE-2026-44847MaxKB: Webhook Trigger Authentication Bypass7.5May 26, 2026
• CVE-2026-39426MaxKB: Stored XSS via Unsanitized iframe_render Parsing5.4Apr 14, 2026
• CVE-2026-39425MaxKB: Stored XSS via Unsanitized html_rander Tags in Markdown Rendering5.4Apr 14, 2026
• CVE-2026-39419MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing3.1Apr 14, 2026
• CVE-2026-39424MaxKB has CSV Injection in its Application Chat Export Functionality4.7Apr 14, 2026
• CVE-2026-39423Stored XSS via Eval Injection in EchartsRander Component5.4Apr 14, 2026
• CVE-2026-39422MaxKB has Stored XSS via ChatHeadersMiddleware5.4Apr 14, 2026
• CVE-2026-39421MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect6.3Apr 14, 2026
• CVE-2026-39420MaxKB: Sandbox escape via LD_PRELOAD bypass6.3Apr 14, 2026
• CVE-2026-39418MaxKB: SSRF via sandbox network hook bypass5.0Apr 14, 2026
• CVE-2026-39417MaxKB: RCE via MCP stdio command injection in workflow engine4.6Apr 14, 2026
• CVE-2025-156321Panel-dev MaxKB MdPreview chat.ts cross site scripting3.5Apr 13, 2026
• CVE-2026-61081Panel-dev MaxKB Model Context Protocol Node base_mcp_node.py execute os command injection6.3Apr 12, 2026