dst-admin_project CVE Vulnerabilities & Metrics

Focus on dst-admin_project vulnerabilities and metrics.

Last updated: 08 Mar 2026, 23:25 UTC

About dst-admin_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with dst-admin_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total dst-admin_project CVEs: 8
Earliest CVE date: 10 Jan 2022, 15:15 UTC
Latest CVE date: 22 Feb 2026, 23:15 UTC

Latest CVE reference: CVE-2026-2957

Rolling Stats

30-day Count (Rolling): 2
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical dst-admin_project CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 5.38

Max CVSS: 6.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	1
4.0-6.9	7
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS dst-admin_project CVEs

These are the five CVEs with the highest CVSS scores for dst-admin_project, sorted by severity first and recency.

CVE-2026-2956 dst-admin_project Published on 22 Feb 2026, 22:15 UTC (CVSS: 6.5)
A security flaw has been discovered in qinming99 dst-admin up to 1.5.0. This affects the function revertBackup of the file /home/restore. The manipulation of the argument Name results in command injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-0649 dst-admin_project Published on 02 Feb 2023, 15:17 UTC (CVSS: 6.5)
A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220036.
CVE-2023-0648 dst-admin_project Published on 02 Feb 2023, 15:17 UTC (CVSS: 6.5)
A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220035.
CVE-2023-0647 dst-admin_project Published on 02 Feb 2023, 15:17 UTC (CVSS: 6.5)
A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-220034 is the identifier assigned to this vulnerability.
CVE-2023-0646 dst-admin_project Published on 02 Feb 2023, 15:17 UTC (CVSS: 6.5)
A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220033 was assigned to this vulnerability.

All CVEs for dst-admin_project

CVE-2026-2957 dst-admin_project vulnerability CVSS: 5.5 22 Feb 2026, 23:15 UTC

A weakness has been identified in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the component File Handler. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2956 dst-admin_project vulnerability CVSS: 6.5 22 Feb 2026, 22:15 UTC

A security flaw has been discovered in qinming99 dst-admin up to 1.5.0. This affects the function revertBackup of the file /home/restore. The manipulation of the argument Name results in command injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-43270 dst-admin_project vulnerability CVSS: 0 22 Sep 2023, 19:15 UTC

dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate.

CVE-2023-0649 dst-admin_project vulnerability CVSS: 6.5 02 Feb 2023, 15:17 UTC

A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220036.

CVE-2023-0648 dst-admin_project vulnerability CVSS: 6.5 02 Feb 2023, 15:17 UTC

A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220035.

CVE-2023-0647 dst-admin_project vulnerability CVSS: 6.5 02 Feb 2023, 15:17 UTC

A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-220034 is the identifier assigned to this vulnerability.

CVE-2023-0646 dst-admin_project vulnerability CVSS: 6.5 02 Feb 2023, 15:17 UTC

A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220033 was assigned to this vulnerability.

CVE-2021-44586 dst-admin_project vulnerability CVSS: 5.0 10 Jan 2022, 15:15 UTC

An issue was discovered in dst-admin v1.3.0. The product has an unauthorized arbitrary file download vulnerability that can expose sensitive information.