3955 matches found
CVE-2025-43920
GNU Mailman 2.1.39, as bundled in cPanel and WHM, in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardles...
CVE-2025-43919
GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman aka the private archive authentication endpoint via the username parameter. NOTE: multiple third parties report that they are unable t...
UBUNTU-CVE-2025-43921
GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...
CVE-2025-43920
GNU Mailman 2.1.39, as bundled in cPanel and WHM, in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardles...
CVE-2025-43921
GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...
CVE-2025-43920
GNU Mailman 2.1.39 (bundled with cPanel/WHM) has a command-injection risk when an external archiver is configured and the email subject line contains shell metacharacters. The root cause is unsanitized subject handling in the archiver/subject processing path, enabling unauthenticated execution of...
CVE-2025-43919
GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman aka the private archive authentication endpoint via the username parameter. NOTE: multiple third parties report that they are unable t...
CVE-2025-43919
CVE-2025-43919 affects GNU Mailman 2.1.39 bundled with cPanel/WHM. The vulnerability is a directory traversal in the /mailman/private/mailman endpoint, exploitable via a crafted username parameter that can read arbitrary server files (e.g., /etc/passwd). Root cause: insufficient input validation ...
CVE-2025-43921
GNU Mailman 2.1.39 (bundled with cPanel/WHM) is vulnerable to unauthenticated creation of mailing lists via the /mailman/create endpoint. The root cause is missing access controls in the create CGI script, enabling arbitrary list creation by anyone. Impact described across sources includes potent...
PT-2025-36474
Name of the Vulnerable Software and Affected Versions: Cpanel::JSON::XS versions prior to 4.40 Description: Cpanel::JSON::XS, a Perl module, contains an integer buffer overflow. This overflow occurs when parsing specially crafted JSON data, leading to a segmentation fault. This can result in...
Linux Distros Unpatched Vulnerability : CVE-2022-48623
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a deni...
CVE-2025-24832
Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 1.8.4.866, Acronis Backup plugin for cPanel & WHM Linux before build 1.9.1.892, Acronis Backup extension f...
CVE-2024-34014
Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM Linux before build 1.9.1.892, Acronis Backup extension for Plesk Linux...
CVE-2025-24832
Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 1.8.4.866, Acronis Backup plugin for cPanel & WHM Linux before build 1.9.1.892, Acronis Backup extension f...
CVE-2025-24832
Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 1.8.4.866, Acronis Backup plugin for cPanel & WHM Linux before build 1.9.1.892, Acronis Backup extension f...
CVE-2025-24832
Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 1.8.4.866, Acronis Backup plugin for cPanel & WHM Linux before build 1.9.1.892, Acronis Backup extension f...
CVE-2025-22690
Cross-Site Request Forgery CSRF vulnerability in DigiTimber DigiTimber cPanel Integration digitimber-cpanel-integration allows Stored XSS.This issue affects DigiTimber cPanel Integration: from n/a through = 1.4.6...
CVE-2020-15432
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmigrationcpanel.php. When parsing the filespace parameter, the...
CVE-2024-8767
Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 619, Acronis Backup extension for Plesk Linux before build 555, Acronis Backup plugin for DirectAdmin Linux before...
CVE-2025-22690
Cross-Site Request Forgery CSRF vulnerability in DigiTimber DigiTimber cPanel Integration digitimber-cpanel-integration allows Stored XSS.This issue affects DigiTimber cPanel Integration: from n/a through = 1.4.6...