[MEDIUM] Pterodactyl TOTPs can be reused during validity window

PKSA-nk76-8zr3-7ywp CVE-2025-69197 GHSA-rgmp-4873-r683

Affected version: <1.12.0

Reported by:
GitHub

[HIGH] Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced

PKSA-zfwd-jx3t-62gc CVE-2025-68954 GHSA-8c39-xppg-479c

Affected version: <1.12.0

Reported by:
GitHub

[LOW] Pterodactyl has a Reflected XSS vulnerability in “Create New Database Host”

PKSA-5dmg-k8vm-rbb6 GHSA-mgr9-6c2j-jxrq

Affected version: <1.12.0

Reported by:
GitHub