Panel Vulnerabilities

pip ML UI

AI Threat Alert tracks 43 known vulnerabilities in Panel, an AI/ML UI package in the pip ecosystem; 15 are rated critical. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Risk Score: 26
Total CVEs: 43
Critical: 15
Ecosystem: pip
Last CVE: Jul 2, 2026
Patch Rate: 59%
Avg Time to Patch: 6d
5,708 stars, 609 forks, 1,120 issues, 479 dependents; last push Jun 18, 2026
OpenSSF Scorecard 6.6/10

Known Vulnerabilities (42 total, page 1 of 2)

| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| MEDIUM | CVE-2026-9557 | Mautic Focus: SSRF enables internal network recon | 6.4 | Jul 2, 2026 |
| MEDIUM | GHSA-j7f5-gfqm-pcx3 | Pterodactyl Panel: Client email change endpoint allows enumeration of accounts in system | -- | Jun 26, 2026 |
| MEDIUM | GHSA-7cqp-7cfv-6c3q | AVideo Meet: Stored XSS via User-Agent → admin takeover | -- | Jun 23, 2026 |
| CRITICAL | CVE-2018-25117 | VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot that uses Lua for second- and third-stage components. The compromise leaked administrative credentials (base64-encoded admin password and server domain) to an external URL during installation and/or r | -- | Oct 15, 2025 |
| MEDIUM | CVE-2026-48500 | Filament: unauth file upload drains disk/inflates costs | 6.5 | Jun 22, 2026 |
| HIGH | CVE-2026-54317 | Home Assistant Konnected: auth bypass leaks alarm panel state | 7.6 | Jun 19, 2026 |
| MEDIUM | CVE-2026-49274 | Kirby CMS: missing auth exposes restricted page titles | -- | Jun 18, 2026 |
| HIGH | CVE-2026-49276 | Kirby CMS: XSS via writer field malicious links | -- | Jun 18, 2026 |
| MEDIUM | CVE-2026-50188 | Kirby CMS: CRLF injection overrides outbound HTTP headers | -- | Jun 18, 2026 |
| HIGH | CVE-2026-54002 | Kirby CMS: stored XSS bypasses DOM sanitizer via unwrap flaw | -- | Jun 18, 2026 |
| CRITICAL | CVE-2026-54003 | Kirby CMS: admin takeover via reverse proxy header bypass | -- | Jun 18, 2026 |
| HIGH | CVE-2025-0616 | Netsis Panel: unauthenticated SQLi enables data exfiltration | 8.2 | Oct 3, 2025 |
| MEDIUM | CVE-2025-7014 | Menu Panel: session fixation enables session hijacking | 5.7 | Jan 29, 2026 |
| MEDIUM | CVE-2025-7013 | Menu Panel: IDOR auth bypass exposes confidential data | 5.7 | Jan 29, 2026 |
| CRITICAL | CVE-2025-14014 | Smart Panel: unauthenticated file upload enables RCE | 9.8 | Feb 12, 2026 |
| CRITICAL | CVE-2024-6684 | Nova Panel N7: auth bypass via alternate channel (EOL) | -- | Aug 12, 2024 |
| CRITICAL | CVE-2024-5958 | Panel: SQL injection enables OS command execution | -- | Sep 18, 2024 |
| CRITICAL | CVE-2024-5960 | Panel: plaintext credential storage enables domain compromise | 9.8 | Sep 18, 2024 |
| CRITICAL | CVE-2024-5959 | Panel: Stored XSS enables session hijack in ML dashboards | -- | Sep 18, 2024 |
| CRITICAL | CVE-2024-6878 | Panel: file exposure enables sensitive ML data collection | -- | Sep 18, 2024 |
| CRITICAL | CVE-2024-6877 | Panel: Reflected XSS enables session hijack in ML UI | -- | Sep 18, 2024 |
| MEDIUM | CVE-2019-6576 | SIMATIC WinCC: TLS key disclosure enables traffic decryption | 6.5 | May 14, 2019 |
| CRITICAL | CVE-2024-13147 | B2B Login Panel: SQLi enables unauthenticated DB access | 9.8 | Mar 5, 2025 |
| CRITICAL | CVE-2024-13152 | Mobuy Panel: SQLi allows unauthenticated DB takeover | 10.0 | Feb 14, 2025 |
| CRITICAL | GHSA-8whc-2wmv-ww35 | AVideo YPTSocket: Stored DOM XSS enables admin takeover | 9.6 | Jun 4, 2026 |

Showing 1–25 of 42

Frequently asked questions

What is Panel?

Panel is an AI/ML UI package tracked by AI Threat Alert for security vulnerabilities in the pip ecosystem.

How many known vulnerabilities does Panel have?

Panel has 43 known CVEs, 15 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is Panel distributed in?

Panel is distributed via the pip ecosystem and categorized as ml ui.

Where does the Panel vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of Panel?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.
