froxlor security advisories
4 threat alerts tracking vulnerabilities and security advisories that affect froxlor products.
Vulnios monitors froxlor CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent froxlor security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2026-41228 — froxlor — froxlor
Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpoint `Customers.update` (and `Admins.update`) does not validate the `def_language` parameter against
criticalCVE-2026-41228Critical Vulnerability: CVE-2026-41229 — froxlor — froxlor
Froxlor is open source server administration software. Prior to version 2.3.6, `PhpHelper::parseArrayToString()` writes string values into single-quoted PHP string literals without escaping single quo
criticalCVE-2026-41229Critical Vulnerability: CVE-2015-5959 — froxlor — froxlor
Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log.
criticalCVE-2015-5959Critical Vulnerability: CVE-2016-5100 — froxlor — froxlor
Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.
criticalCVE-2016-5100
Track froxlor exposure across your environment
Vulnios automatically cross-references your asset inventory against new froxlor CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan