Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cpanel vulnerabilities and exploits
(subscribe to this query)
6.7
CVSSv3
CVE-2017-18452
cPanel prior to 64.0.21 allows code execution via Rails configuration files (SEC-259).
Cpanel Cpanel
7.5
CVSSv3
CVE-2021-26266
cPanel prior to 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578).
Cpanel Cpanel
7.5
CVSSv3
CVE-2021-26267
cPanel prior to 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).
Cpanel Cpanel
6.1
CVSSv3
CVE-2018-16236
cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering.
Cpanel Cpanel
2.7
CVSSv3
CVE-2017-18382
cPanel prior to 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).
Cpanel Cpanel
NA
CVE-2006-3337
Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the file parameter.
Cpanel Cpanel
1 EDB exploit
3.3
CVSSv3
CVE-2017-18423
In cPanel prior to 66.0.2, domain log files become readable after log processing (SEC-273).
Cpanel Cpanel
6.3
CVSSv3
CVE-2017-18438
cPanel prior to 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242).
Cpanel Cpanel
6.1
CVSSv3
CVE-2017-18456
cPanel prior to 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217).
Cpanel Cpanel
3.3
CVSSv3
CVE-2017-18458
cPanel prior to 62.0.17 allows file overwrite when renaming an account (SEC-219).
Cpanel Cpanel
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »