3955 matches found

OSV
added 2025/04/20 1:15 a.m. | 5 views

CVE-2025-43920

GNU Mailman 2.1.39, as bundled in cPanel and WHM, in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardles...

CVSS 8.1 | AI score 6.1 | EPSS 0.00493
Exploits: 2 | References: 4

NVD
added 2025/04/20 1:15 a.m. | 26 views

CVE-2025-43919

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman aka the private archive authentication endpoint via the username parameter. NOTE: multiple third parties report that they are unable t...

CVSS 7.5 | EPSS 0.01403
Exploits: 3 | References: 4

OSV
added 2025/04/20 1:15 a.m. | 2 views

UBUNTU-CVE-2025-43921

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...

CVSS 5.3 | AI score 5.8 | EPSS 0.00379
Exploits: 1 | References: 4

Vulnrichment
added 2025/04/20 12:0 a.m. | 13 views

CVE-2025-43920

GNU Mailman 2.1.39, as bundled in cPanel and WHM, in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardles...

CVSS 5.4 | AI score 7.2 | EPSS 0.00493
Exploits: 2 | References: 4

Cvelist
added 2025/04/20 12:0 a.m. | 42 views

CVE-2025-43921

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...

CVSS 5.3 | EPSS 0.00379
Exploits: 1 | References: 4

CVE
added 2025/04/20 12:0 a.m. | 110 views

CVE-2025-43920

GNU Mailman 2.1.39 (bundled with cPanel/WHM) has a command-injection risk when an external archiver is configured and the email subject line contains shell metacharacters. The root cause is unsanitized subject handling in the archiver/subject processing path, enabling unauthenticated execution of...

CVSS 8.1 | AI score 7.2 | EPSS 0.00493
Exploits: 2 | References: 4 | Affected Software: 1

Cvelist
added 2025/04/20 12:0 a.m. | 25 views

CVE-2025-43919

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman aka the private archive authentication endpoint via the username parameter. NOTE: multiple third parties report that they are unable t...

CVSS 5.8 | EPSS 0.01403
Exploits: 3 | References: 4

CVE
added 2025/04/20 12:0 a.m. | 109 views

CVE-2025-43919

CVE-2025-43919 affects GNU Mailman 2.1.39 bundled with cPanel/WHM. The vulnerability is a directory traversal in the /mailman/private/mailman endpoint, exploitable via a crafted username parameter that can read arbitrary server files (e.g., /etc/passwd). Root cause: insufficient input validation ...

CVSS 7.5 | AI score 6.6 | EPSS 0.01403
Exploits: 3 | References: 4 | Affected Software: 1

CVE
added 2025/04/20 12:0 a.m. | 82 views

CVE-2025-43921

GNU Mailman 2.1.39 (bundled with cPanel/WHM) is vulnerable to unauthenticated creation of mailing lists via the /mailman/create endpoint. The root cause is missing access controls in the create CGI script, enabling arbitrary list creation by anyone. Impact described across sources includes potent...

CVSS 5.3 | AI score 5.3 | EPSS 0.00379
Exploits: 1 | References: 4 | Affected Software: 1

Positive Technologies
added 2025/04/16 12:0 a.m. | 3 views

PT-2025-36474

Name of the Vulnerable Software and Affected Versions: Cpanel::JSON::XS versions prior to 4.40
Description: Cpanel::JSON::XS, a Perl module, contains an integer buffer overflow. This overflow occurs when parsing specially crafted JSON data, leading to a segmentation fault. This can result in...

CVSS 5.6 | AI score 6.6 | EPSS 0.00405
Exploits: 0 | References: 50

Tenable Nessus
added 2025/03/05 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2022-48623

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a deni...

CVSS 9.1 | AI score 5.4 | EPSS 0.00788
Exploits: 0 | References: 3

RedhatCVE
added 2025/03/01 11:18 p.m. | 11 views

CVE-2025-24832

Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 1.8.4.866, Acronis Backup plugin for cPanel & WHM Linux before build 1.9.1.892, Acronis Backup extension f...

CVSS 5.5 | AI score 6.9 | EPSS 0.00185
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/28 12:20 a.m. | 10 views

CVE-2024-34014

Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM Linux before build 1.9.1.892, Acronis Backup extension for Plesk Linux...

CVSS 5.5 | AI score 6.9 | EPSS 0.00196
Exploits: 0 | References: 1

NVD
added 2025/02/27 11:15 p.m. | 10 views

CVE-2025-24832

Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 1.8.4.866, Acronis Backup plugin for cPanel & WHM Linux before build 1.9.1.892, Acronis Backup extension f...

CVSS 5.5 | EPSS 0.00185
Exploits: 0 | References: 1

Vulnrichment
added 2025/02/27 11:0 p.m. | 4 views

CVE-2025-24832

Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 1.8.4.866, Acronis Backup plugin for cPanel & WHM Linux before build 1.9.1.892, Acronis Backup extension f...

CVSS 5.5 | AI score 5.6 | EPSS 0.00185
Exploits: 0 | References: 1

Cvelist
added 2025/02/27 11:0 p.m. | 15 views

CVE-2025-24832

Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 1.8.4.866, Acronis Backup plugin for cPanel & WHM Linux before build 1.9.1.892, Acronis Backup extension f...

CVSS 5.5 | EPSS 0.00185
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/07 9:48 a.m. | 5 views

CVE-2025-22690

Cross-Site Request Forgery (CSRF) vulnerability in DigiTimber DigiTimber cPanel Integration digitimber-cpanel-integration allows Stored XSS. This issue affects DigiTimber cPanel Integration: from n/a through = 1.4.6...

CVSS 7.1 | AI score 7.2 | EPSS 0.00167
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 2:57 p.m. | 17 views

CVE-2020-15432

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmigrationcpanel.php. When parsing the filespace parameter, the...

CVSS 10 | AI score 7.3 | EPSS 0.08083
Exploits: 0

RedhatCVE
added 2025/02/04 10:27 p.m. | 4 views

CVE-2024-8767

Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 619, Acronis Backup extension for Plesk Linux before build 555, Acronis Backup plugin for DirectAdmin Linux before...

CVSS 9.9 | AI score 6.9 | EPSS 0.00476
Exploits: 0 | References: 1

NVD
added 2025/02/03 3:15 p.m. | 3 views

CVE-2025-22690

Cross-Site Request Forgery (CSRF) vulnerability in DigiTimber DigiTimber cPanel Integration digitimber-cpanel-integration allows Stored XSS. This issue affects DigiTimber cPanel Integration: from n/a through = 1.4.6...

CVSS 7.1 | EPSS 0.00167
Exploits: 0 | References: 1