[CRITICAL] Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution

PKSA-7fcd-gcsm-y5fk CVE-2025-49132 GHSA-24wv-6c99-f843

Affected version: <=1.11.10

Reported by:
GitHub

[MEDIUM] Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled

PKSA-r7r5-9g2g-bhnx CVE-2024-49762 GHSA-c479-wq8g-57hr

Affected version: <1.11.8

Reported by:
GitHub