CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3929 matches found

SUSE CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

8.1CVSS5.8AI score0.00017EPSS

Exploits0References3

SUSE CVE•added 3 hours ago•3 views

SUSE CVE-2026-9516

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...

7.5CVSS5.9AI score0.00017EPSS

Exploits0References3

RedhatCVE•added yesterday•3 views

CVE-2026-9334

A flaw was found in perl-Cpanel-JSON-XS. This vulnerability allows a remote attacker to cause a denial of service DoS by providing specially crafted JSON input with duplicate object keys. When the dupkeysasarrayref option is enabled, the decodehv function incorrectly processes the input, leading ...

7.3CVSS5.8AI score0.00017EPSS

Exploits0References2

RedhatCVE•added yesterday•3 views

CVE-2026-9516

A flaw was found in Cpanel::JSON::XS, a Perl module used for processing JSON data. This vulnerability allows a remote attacker to cause a denial of service DoS by providing specially crafted input that begins with a UTF-8 Byte Order Mark BOM. When a decode filter callback encounters an error with...

7.5CVSS5.8AI score0.00017EPSS

Exploits0References2

NVD•added yesterday•6 views

CVE-2026-9334

7.3CVSS0.00017EPSS

Exploits0References3

NVD•added yesterday•6 views

CVE-2026-9516

7.5CVSS0.00017EPSS

Exploits0References3

ATTACKERKB•added yesterday•2 views

CVE-2026-9516

5.9AI score0.00017EPSS

Exploits0References3

CVE•added yesterday•10 views

CVE-2026-9516

CVE-2026-9516 affects Cpanel::JSON::XS for Perl prior to 4.41. A UTF-8 BOM prefixed input with a throwing decode filter callback can cause the decoder to skip restoration of the input pointer, leaving the scalar with an offset pointer. When the scalar is freed, the allocator may receive an invali...

7.5CVSS5.9AI score0.00017EPSS

Exploits0References3

EUVD•added yesterday•5 views

EUVD-2026-34061

7.5CVSS5.9AI score0.00017EPSS

Exploits0References2

Vulnrichment•added yesterday•2 views

CVE-2026-9516 Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws

5.9AI score0.00017EPSS

Exploits0References2

Vulnrichment•added yesterday•3 views

CVE-2026-9334 Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled

5.8AI score0.00017EPSS

Exploits0References2

Cvelist•added yesterday•15 views

CVE-2026-9334 Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled

0.00017EPSS

Exploits0References2

CVE•added yesterday•11 views

CVE-2026-9334

Cpanel::JSON::XS (Perl) is affected by a type-confusion issue in decode_hv() for versions before 4.41 when dupkeys_as_arrayref is enabled. The code tests duplicate keys by evaluating SvTYPE (old_value) != SVt_RV && SvTYPE (SvRV (old_value)) != SVt_PVAV, which dereferences a value via SvRV(old_val...

7.3CVSS5.8AI score0.00017EPSS

Exploits0References3

ATTACKERKB•added yesterday•2 views

CVE-2026-9334

5.8AI score0.00017EPSS

Exploits0References3

EUVD•added yesterday•4 views

EUVD-2026-34060

7.3CVSS5.8AI score0.00017EPSS

Exploits0References2

Positive Technologies•added yesterday•6 views

PT-2026-45892

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decode json advances the input scalar's string pointer past the mark with SvPV set and restores it only on the normal retur...

5.9AI score0.00017EPSS

Exploits0References3

Nuclei•added 3 days ago•58 views

cPanel < 11.109.9999.116 - Cross-Site Scripting

An issue was discovered in cPanel before 11.109.9999.116. Cross Site Scripting can occur on the cpsrvd error page via an invalid webcall ID. id: CVE-2023-29489 info: name: cPanel 11.109.9999.116 - Cross-Site Scripting author: DhiyaneshDk,0xKayala severity: medium description: | An issue was...

6.1CVSS6.6AI score0.92926EPSS

Exploits7References5

GithubExploit•added 2026/05/27 12:16 a.m.•68 views

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940 — WHM/cPanel Exploit Tool Linux ⚠️ DISCL...

9.8CVSS6AI score0.90762EPSS

Exploits59

Positive Technologies•added 2026/05/27 12:0 a.m.•9 views

PT-2026-43619

Threat Intel May 26, 2026 Vulnerability Intelligence Briefing Curated from daily vulnerability intelligence monitoring and exploitation telemetry analysis by cvelogic. --- 1. Known Exploited Vulnerabilities CISA KEV CVE-2026-48172 LiteSpeed cPanel Plugin Added to the CISA KEV catalog following...

10CVSS6.5AI score0.90762EPSS

Exploits82References1

GithubExploit•added 2026/05/26 7:59 p.m.•51 views

indo-cpanel-exploit

🦉 Indo cPanel Exploit Toolkit ⚠️ FOR AUTHORIZED SECURITY TE...

9.8CVSS6AI score0.90762EPSS

Exploits59

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by