VYPR
Vendor

Pan

Products
3
CVEs
7
Across products
7
Status
Private

Products

3

Recent CVEs

7
  • CVE-2026-36829CriMay 19, 2026
    risk 0.64cvss 9.8epss 0.01

    An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing…

  • CVE-2024-31601CriApr 26, 2024
    risk 0.64cvss 9.8epss 0.00

    An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php component.

  • CVE-2026-36828HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.02

    A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter.

  • CVE-2026-36827MedMay 19, 2026
    risk 0.35cvss 5.4epss 0.01

    A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper performs unsafe argument processing using eval, which allows…

  • CVE-2024-2014Feb 29, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in Panabit Panalog 202103080942. This vulnerability affects unknown code of the file /Maintain/sprog_upstatus.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has…

  • CVE-2008-2363Jun 2, 2008
    risk 0.00cvss epss 0.06

    The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based…

  • CVE-2003-0855Nov 3, 2003
    risk 0.00cvss epss 0.02

    Pan 0.13.3 and earlier allows remote attackers to cause a denial of service (crash) via a news post with a long author email address.