
cpe:2.3:a:ajenti:ajenti:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Ajenti (2b22262f-7a72-5647-a13c-c19ec85e1651)
Product: Ajenti (08f0a6ac-b575-58fa-8a24-7f5e3f1d4518)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL: pkg:github/ajenti/ajenti
Source: purl2cpe
Last updated: 2026-06-01 10:15:30.263068

Vulnerability references

Identifier: CVE:CVE-2026-40178
cpeApplicability: vulnerable
Submitted: 2026-06-08 08:01:20.003638
db.gcve.eu details: ajenti.plugin.core has a race condition in 2FA
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if 2FA was activated, it was possible, during a short moment after the authentication of a user, to bypass its authentication. This vulnerability is fixed in 0.112.
Published: 2026-04-10T19:30:47.083Z
Updated: 2026-04-14T03:55:43.193Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2026-40177
cpeApplicability: vulnerable
Submitted: 2026-06-08 08:01:20.002431
db.gcve.eu details: Password bypass when 2FA is activated
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if 2FA was activated, it was possible to bypass the password authentication. This vulnerability is fixed in 0.112.
Published: 2026-04-10T19:29:00.851Z
Updated: 2026-04-14T13:26:56.925Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2026-35175
cpeApplicability: vulnerable
Submitted: 2026-06-08 07:59:13.675562
db.gcve.eu details: Ajenti has an authorization bypass during custom package installation
Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using the auth_users plugin authentication method) could install a custom package even if that user was not a superuser. This vulnerability is fixed in 2.2.15.
Published: 2026-04-06T17:51:54.898Z
Updated: 2026-04-07T15:59:22.076Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2026-27975
cpeApplicability: vulnerable
Submitted: 2026-06-08 07:55:14.757871
db.gcve.eu details: Ajenti has a potential Remote Code Execution
Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in version 2.2.13.
Published: 2026-02-26T02:39:28.283Z
Updated: 2026-02-27T14:13:28.184Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2014-4301
cpeApplicability: vulnerable
Submitted: 2026-06-08 05:05:44.547112
db.gcve.eu details: Details available
Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page.
Published: 2014-06-18T14:00:00.000Z
Updated: 2024-08-06T11:12:34.546Z
Rationale: Imported from gcve-enriched-dumps CVE data
