3954 matches found
Exploit for CVE-2026-41940
A companion tool for the watchTowr CVE-2026-41940 authentication...
CVE-2026-41940: cPanel & WHM Authentication Bypass
Overview On April 28, 2026, cPanel issued a security update to fix a critical vulnerability affecting the cPanel & WHM and WP Squared products. In the cPanel release notes, the bug was described as "an issue with session loading and saving." CVE-2026-41940, the identifier subsequently assigned on...
Exploit for CVE-2026-41940
Usage python 0day.py -f test.txt --external-only --show...
CVE-2026-41940
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel...
CVE-2026-41940 WebPros cPanel and WHM Authentication Bypass via Login Flow
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel...
EUVD-2026-26246
cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel...
CVE-2026-41940
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel...
CVE-2026-41940
CVE-2026-41940 — cPanel/WHM Authentication Bypass (CRLF Injection) Technical synopsis: A CRLF injection in the login/session handling enables unauthenticated remote attackers to bypass authentication and gain root-level access via the cpsess session token. Public analyses describe the attack chai...
Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately
cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software. The problem affects all currently supported versions of cPanel and WebHost Manager WHM, according to an alert...
cPanel Access Control Error Vulnerability
cPanel is a web-based automated hosting platform developed by the cPanel company in the United States. This platform is primarily used for automating the management of websites and servers. cPanel has a vulnerability related to access control, which stems from an authentication bypass issue in th...
PT-2026-35936
Name of the Vulnerable Software and Affected Versions cPanel and WHM versions prior to 11.86.0.41 cPanel and WHM versions prior to 11.110.0.97 cPanel and WHM versions prior to 11.118.0.63 cPanel and WHM versions prior to 11.124.0.35 cPanel and WHM versions prior to 11.126.0.54 cPanel and WHM...
VulnCheck KEV: CVE-2026-41940
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel...
PT-2026-40436
Name of the Vulnerable Software and Affected Versions cPanel versions prior to 11.134.0.26 Description Incorrect privilege management and insufficient path filtering in the cpdavd component allow an unauthenticated attacker to read arbitrary files on the server as root. This is achieved through a...
WordPress TNC Toolbox 1.4.2 Information Disclosure
WordPress TNC Toolbox plugin versions 1.4.2 and below sensitive information disclosure proof of concept exploit. | Title : WordPress TNC Toolbox = 1.4.2...
PT-2026-5405
Name of the Vulnerable Software and Affected Versions AWStats version 8.0 Description AWStats version 8.0 contains a command injection issue due to an unsafe use of the open function in Perl when processing HTTP GET parameters. Specifically, the presence of a pipe symbol '|' within a parameter ca...
CVE-2021-31803
cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile SEC-581...
CVE-2016-10810
In cPanel before 57.9999.54, /scripts/maildirconverter exposed a TTY to an unprivileged process SEC-115...
CVE-2016-10799
cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation SEC-137...
CVE-2016-10801
cPanel before 58.0.4 has improper session handling for shared users SEC-139...
CVE-2016-10793
cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect ! in Mail::SPF scripts SEC-152...