2099 matches found
WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel...
watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py
cve-2026-41940 cPanel/WHM Authentication Bypass - Detection Ar...
CVE-2026-41940
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel...
CVE-2026-41940
CVE-2026-41940 — cPanel/WHM Authentication Bypass (CRLF Injection) Technical synopsis: A CRLF injection in the login/session handling enables unauthenticated remote attackers to bypass authentication and gain root-level access via the cpsess session token. Public analyses describe the attack chai...
CVE-2026-41940 WebPros cPanel and WHM Authentication Bypass via Login Flow
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel...
CVE-2026-41940
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel...
PT-2026-35936
Name of the Vulnerable Software and Affected Versions: cPanel and WHM versions prior to 11.86.0.41; cPanel and WHM versions prior to 11.110.0.97; cPanel and WHM versions prior to 11.118.0.63; cPanel and WHM versions prior to 11.124.0.35; cPanel and WHM versions prior to 11.126.0.54; cPanel and WHM...
cPanel Access Control Error Vulnerability
cPanel is a web-based automated hosting platform developed by the cPanel company in the United States. This platform is primarily used for automating the management of websites and servers. cPanel has a vulnerability related to access control, which stems from an authentication bypass issue in th...
VulnCheck KEV: CVE-2026-41940
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel...
IBM Guardium Data Protection Security Vulnerability
IBM Guardium Data Protection is a comprehensive data security platform developed by the American company International Business Machines (IBM). There are security vulnerabilities in versions 12.0, 12.1, and 12.2 of IBM Guardium Data Protection. These vulnerabilities stem from a bypass of business...
CVE-2026-41175
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel...
EUVD-2026-25108
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel...
CVE-2026-41175 Statamic: Unsafe method invocation via query value resolution allows data destruction
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel...
CVE-2026-41175
Statamic CMS (Laravel/Git-based) prior to 5.73.20 and 6.13.0 is affected. The issue stems from unsafe method invocation during query value resolution, enabling data destruction via manipulated query parameters on Control Panel, REST API endpoints, or GraphQL queries. Exploitation requires REST/Gr...
CVE-2026-41175 Statamic: Unsafe method invocation via query value resolution allows data destruction
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel...
CVE-2026-41175
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel...
[SECURITY] Fedora 44 Update: plasma-firewall-6.6.4-1.fc44
Control Panel for your system firewall...
GHSA-4JJR-VMV7-WH4W Statamic: Unsafe method invocation via query value resolution allows data destruction
Impact: Manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel requires authentication with minimal permissions in order to exploit, e.g. "view entries" permission to...
Statamic: Unsafe method invocation via query value resolution allows data destruction
Impact: Manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel requires authentication with minimal permissions in order to exploit, e.g. "view entries" permission to...
GHSA-R54V-QQ87-PX5R Craft Commerce hasVariant/hasProduct Blind SQL Injection
Overview: Craft Commerce’s ProductQuery::hasVariant and VariantQuery::hasProduct properties bypass the unset blocklist added to ElementIndexesController in GHSA-2453-mppf-46cj. The blocklist only strips top-level Yii2 Query properties (where, orderBy, etc.), but hasVariant and hasProduct pass throug...