froxlor/froxlor vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| GHSA-Q4RM-M6XH-5PV7 | Medium | froxlor/froxlor: Froxlor customer can create MySQL databases on disallowed servers via Mysqls.add API |
| GHSA-MR9H-45P9-FG8H | Medium | froxlor/froxlor: Froxlor: Authenticated customers can read other customers' allowed sender aliases |
| CVE-2026-52793 | High | froxlor/froxlor: Froxlor's API Authentication bypasses 2FA Authentication |
| CVE-2026-41234 | High | froxlor/froxlor: Froxlor: BIND Zone File Injection via TXT Record Content |
| CVE-2026-41237 | High | froxlor/froxlor: Froxlor has an incomplete fix for CVE-2026-30932 |
| CVE-2026-41236 | High | froxlor/froxlor: Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path |
| CVE-2026-41235 | High | froxlor/froxlor: Froxlor has an authorization bypass in FTP shell assignment via missing server-side… |
| CVE-2026-41228 | Critical | froxlor/froxlor: Froxlor has Local File Inclusion via path traversal in API `def_language` parameter leads to Remote… |
| CVE-2026-41229 | Critical | froxlor/froxlor: Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation… |
| CVE-2026-41230 | High | froxlor/froxlor: Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add() |
| CVE-2026-41231 | High | froxlor/froxlor: Froxlor has Incomplete Symlink Validation in DataDump.add() Allows Arbitrary Directory Ownership… |
| CVE-2026-41232 | Medium | froxlor/froxlor: Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index Allows… |
| CVE-2026-41233 | Medium | froxlor/froxlor: Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add() |
| CVE-2026-30932 | High | froxlor/froxlor: Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones… |
| CVE-2026-26279 | Critical | froxlor/froxlor: Froxlor has Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection |
| CVE-2025-48958 | Medium | froxlor/froxlor: Froxlor has an HTML Injection Vulnerability |
| CVE-2025-29773 | Medium | froxlor/froxlor: Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege… |
| GHSA-34QG-65M4-F23M | High | froxlor/froxlor: Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD> |
| CVE-2024-34070 | Critical | froxlor/froxlor: Blind XSS Leading to Froxlor Application Compromise |
| CVE-2023-50256 | High | froxlor/froxlor: Froxlor username/surname AND company field Bypass |
| CVE-2023-6069 | Critical | froxlor/froxlor: Froxlor Improper Input Validation vulnerability |
| CVE-2023-4829 | Medium | froxlor/froxlor: Cross-site Scripting (XSS) in froxlor/froxlor |
| CVE-2023-5564 | Medium | froxlor/froxlor: Cross-site Scripting (XSS) in froxlor/froxlor |
| CVE-2023-4304 | Low | froxlor/froxlor: Froxlor vulnerable to business logic errors |
| CVE-2023-3668 | Critical | froxlor/froxlor: Froxlor vulnerable to Improper Encoding or Escaping of Output |
