Vulnerabilities > Portainer > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-11 | CVE-2022-24961 | Unspecified vulnerability in Portainer In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days. | 9.8 |
| 2021-03-16 | CVE-2020-24264 | Incorrect Authorization vulnerability in Portainer Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. | 9.8 |
| 2019-11-07 | CVE-2019-16872 | Unspecified vulnerability in Portainer Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). | 9.9 |
| 2019-03-27 | CVE-2018-19466 | Insufficiently Protected Credentials vulnerability in Portainer A vulnerability was found in Portainer before 1.20.0. | 9.8 |
| 2018-11-20 | CVE-2018-19367 | Unspecified vulnerability in Portainer Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. | 9.8 |
| 2018-06-22 | CVE-2018-12678 | Server-Side Request Forgery (SSRF) vulnerability in Portainer Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks. | 9.8 |