Wings
Monthly
Wings for Pterodactyl versions 1.7.0 through 1.11.x fail to respect SQLite's maximum parameter limit when deleting activity log entries, allowing authenticated users to trigger a database error that prevents log cleanup and causes indefinite accumulation of records. This denial of service condition degrades panel performance and availability over time. Public exploit code exists for this vulnerability, and no patch is currently available.
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. [CVSS 6.5 MEDIUM]
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changes with respect to file access over SFTP. [CVSS 5.4 MEDIUM]
Wings for Pterodactyl versions 1.7.0 through 1.11.x fail to respect SQLite's maximum parameter limit when deleting activity log entries, allowing authenticated users to trigger a database error that prevents log cleanup and causes indefinite accumulation of records. This denial of service condition degrades panel performance and availability over time. Public exploit code exists for this vulnerability, and no patch is currently available.
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. [CVSS 6.5 MEDIUM]
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changes with respect to file access over SFTP. [CVSS 5.4 MEDIUM]