Master
by Airleader
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-1358 | Cri | 0.64 | 9.8 | 0.00 | Feb 12, 2026 | Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server. | ||
| CVE-2025-46612 | 0.00 | — | 0.02 | Jun 10, 2025 | The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console (default credentials are weak and easily guessable) and upload a JSP file via the Panel Designer dashboard. |
- risk 0.64cvss 9.8epss 0.00
Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server.
- CVE-2025-46612Jun 10, 2025risk 0.00cvss —epss 0.02
The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console (default credentials are weak and easily guessable) and upload a JSP file via the Panel Designer dashboard.