Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cpanel vulnerabilities and exploits
(subscribe to this query)
3.3
CVSSv3
CVE-2019-14412
Maketext in cPanel prior to 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474).
Cpanel Cpanel
5.5
CVSSv3
CVE-2017-18396
cPanel prior to 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329).
Cpanel Cpanel
2.7
CVSSv3
CVE-2017-18401
cPanel prior to 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334).
Cpanel Cpanel
4.1
CVSSv3
CVE-2020-29135
cPanel prior to 90.0.17 has multiple instances of URL parameter injection (SEC-567).
Cpanel Cpanel
9.8
CVSSv3
CVE-2019-20498
cPanel prior to 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534).
Cpanel Cpanel
6.1
CVSSv3
CVE-2020-26111
cPanel prior to 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566).
Cpanel Cpanel
7.5
CVSSv3
CVE-2020-26112
The email quota cache in cPanel prior to 90.0.10 allows overwriting of files.
Cpanel Cpanel
6.1
CVSSv3
CVE-2020-26114
cPanel prior to 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573).
Cpanel Cpanel
6.5
CVSSv3
CVE-2020-29136
In cPanel prior to 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
Cpanel Cpanel
5.4
CVSSv3
CVE-2018-20875
cPanel prior to 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433).
Cpanel Cpanel
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »