3954 matches found
CVE-2017-18458
cPanel before 62.0.17 allows file overwrite when renaming an account SEC-219...
CVE-2017-18395
cPanel before 68.0.15 does not block a username of ssl SEC-328...
CVE-2017-18476
Leech Protect in cPanel before 62.0.4 does not protect certain directories SEC-205...
CVE-2017-18449
cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convertroundcubemysql2sqlite SEC-254...
CVE-2019-20498
cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect SEC-534...
CVE-2019-20492
cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file SEC-516...
CVE-2019-20496
cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing SEC-532...
CVE-2019-20493
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled SEC-520...
CVE-2019-20497
cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration SEC-533...
CVE-2019-20491
cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions SEC-508...
CVE-2020-12784
cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings SEC-505...
CVE-2020-10116
cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls SEC-541...
CVE-2020-10121
cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs SEC-546...
CVE-2020-10117
cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace SEC-542...
CVE-2020-10122
cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files SEC-547...
CVE-2020-10113
cPanel before 84.0.20 allows self XSS via a temporary character-set specification SEC-515...
CVE-2020-10115
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. SEC-537...
CVE-2024-34015
Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM Linux before build 1.9.1.892...
CVE-2025-66429
An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user...