3954 matches found
CVE-2017-18481
cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211)...
CVE-2017-18426
cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288)...
CVE-2017-18410
In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284)...
CVE-2017-18409
In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283)...
CVE-2017-18427
In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289)...
CVE-2017-18398
DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331)...
CVE-2017-18418
cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265)...
CVE-2017-18413
In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears (SEC-299)...
CVE-2016-10815
cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120)...
CVE-2016-10769
cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162)...
CVE-2016-10811
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116)...
CVE-2016-10814
cPanel before 57.9999.54 allows demo-mode escape via showtemplate.stor (SEC-119)...
CVE-2016-10833
cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104)...
CVE-2006-5014
Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin...
CVE-2005-2021
Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page...
CVE-2025-43921
GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...
SUSE CVE-2025-43921
GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...
CVE-2025-43919
GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter. NOTE: multiple third parties report that they are unable t...
CVE-2025-43920
GNU Mailman 2.1.39, as bundled in cPanel and WHM, in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardles...