3954 matches found

EUVD
added 2026/05/12 6:30 p.m. | 8 views

EUVD-2026-29551

Insufficient ownership checks in clientarea.php allow an authenticated client area user to submit requests using another user’s addonId without any ownership validation leading to unauthorized access to the victim's resources and their cPanel account...

10 CVSS | 5.8 AI score | 0.00319 EPSS
Exploits: 1 | References: 2

NVD
added 2026/05/12 6:16 p.m. | 8 views

CVE-2026-29204

Insufficient ownership check in clientarea.php allows an authenticated client area user to submit requests using another user’s addonId without any ownership validation leading to unauthorized access to the victim's account...

9.1 CVSS | 0.00319 EPSS
Exploits: 1 | References: 1

ATTACKERKB
added 2026/05/12 5:46 p.m. | 6 views

CVE-2026-29204

Insufficient ownership check in clientarea.php allows an authenticated client area user to submit requests using another user’s addonId without any ownership validation leading to unauthorized access to the victim's account...

9.1 CVSS | 5.8 AI score | 0.00319 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/05/12 5:46 p.m. | 6 views

CVE-2026-29204

Insufficient ownership check in clientarea.php allows an authenticated client area user to submit requests using another user’s addonId without any ownership validation leading to unauthorized access to the victim's account...

9.1 CVSS | 5.8 AI score | 0.00319 EPSS
Exploits: 1 | References: 1

Cvelist
added 2026/05/12 5:46 p.m. | 34 views

CVE-2026-29204

Insufficient ownership check in clientarea.php allows an authenticated client area user to submit requests using another user’s addonId without any ownership validation leading to unauthorized access to the victim's account...

9.1 CVSS | 0.00319 EPSS
Exploits: 1 | References: 1

CVE
added 2026/05/12 5:46 p.m. | 12 views

CVE-2026-29204

CVE-2026-29204 concerns insufficient ownership checks in the PHP script clientarea.php, enabling an authenticated client to submit requests using another user’s addonId and access the victim’s resources and their cPanel account. The connected documents confirm this is a high-severity issue with e...

9.1 CVSS | 5.8 AI score | 0.00319 EPSS
Exploits: 1 | References: 1

GithubExploit
added 2026/05/12 2:47 p.m. | 57 views

Exploit for Missing Authentication for Critical Function in Cpanel

🚀 CVE-2026-41940 - cPanel/WHM Authentication Bypass Exploit...

9.8 CVSS | 5.8 AI score | 0.90543 EPSS
Exploits: 63

RedhatCVE
added 2026/05/12 2:27 a.m. | 5 views

CVE-2026-29203

A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path...

8.8 CVSS | 6.1 AI score | 0.00493 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/12 12:0 a.m. | 16 views

PT-2026-40440

Name of the Vulnerable Software and Affected Versions: cPanel & WHM (affected versions not specified). Description: Improper sanitization of the status query parameter in the '/unprotected/nova error' endpoint allows an unauthenticated attacker to inject arbitrary HTTP headers into the response...

8.3 CVSS | 5.9 AI score | 0.0029 EPSS
Exploits: 0 | References: 8

Positive Technologies
added 2026/05/12 12:0 a.m. | 17 views

PT-2026-40439

Name of the Vulnerable Software and Affected Versions: DNS Cluster (affected versions not specified). Description: SSL verification is disabled in the DNS Cluster system. This allows a malicious server to perform a man-in-the-middle attack, which is a technique where an attacker intercepts communicati...

8.2 CVSS | 5.8 AI score | 0.00252 EPSS
Exploits: 0 | References: 7

Positive Technologies
added 2026/05/12 12:0 a.m. | 18 views

PT-2026-40437

Name of the Vulnerable Software and Affected Versions: the product name cannot be determined (affected versions not specified). Description: Insufficient sanitization of SQL queries in the sqloptimizer utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled...

8.1 CVSS | 5.8 AI score | 0.00312 EPSS
Exploits: 0 | References: 7

Positive Technologies
added 2026/05/12 12:0 a.m. | 12 views

PT-2026-40438

Name of the Vulnerable Software and Affected Versions: the product name cannot be determined (affected versions not specified). Description: Improper authorization checks of team members' privileges allow a team member to escalate privileges to the team owner account. Recommendations: At the moment, the...

7.1 CVSS | 5.8 AI score | 0.00227 EPSS
Exploits: 0 | References: 7

Positive Technologies
added 2026/05/12 12:0 a.m. | 9 views

PT-2026-40319

Name of the Vulnerable Software and Affected Versions: WHMCS versions 7.4 through 8.13.2; WHMCS versions 9.0 through 9.0.3. Description: Insufficient ownership checks in the 'clientarea.php' endpoint allow an authenticated client area user to submit requests using another user's addonId without...

9.1 CVSS | 5.8 AI score | 0.00319 EPSS
Exploits: 1 | References: 11

The Hacker News
added 2026/05/11 5:54 p.m. | 14 views

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

A threat actor named MrRot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result ...

9.8 CVSS | 6.2 AI score | 0.90543 EPSS
Exploits: 63

GithubExploit
added 2026/05/11 3:0 p.m. | 85 views

Exploit for Missing Authentication for Critical Function in Cpanel

No d...

9.8 CVSS | 6 AI score | 0.90543 EPSS
Exploits: 63

GithubExploit
added 2026/05/11 7:1 a.m. | 69 views

Exploit for Missing Authentication for Critical Function in Cpanel

No d...

9.8 CVSS | 6 AI score | 0.90543 EPSS
Exploits: 63

GithubExploit
added 2026/05/10 12:35 p.m. | 89 views

Exploit for Missing Authentication for Critical Function in Cpanel

cPanelSniper CVE-2026-41940 — c...

9.8 CVSS | 6.2 AI score | 0.90543 EPSS
Exploits: 63

Positive Technologies
added 2026/05/10 12:0 a.m. | 9 views

PT-2026-39535

Critical cPanel vulnerabilities CVE-2026-41940, CVE-2026-41941, CVE-2026-41942 exploited in the wild. Update your servers immediately to protect against unauthorized access. Link: https://t.co/BvY5rEh9wr cPanel Cybersecurity Vulnerabilities Exploits Patching Servers Security Infosec Malware Threa...

9.8 CVSS | 6 AI score | 0.90543 EPSS
Exploits: 63 | References: 1

Positive Technologies
added 2026/05/10 12:0 a.m. | 8 views

PT-2026-39534

Critical cPanel vulnerabilities CVE-2026-41940, CVE-2026-41941, CVE-2026-41942 exploited in the wild. Update your servers immediately to protect against unauthorized access. Link: https://t.co/BvY5rEh9wr cPanel Cybersecurity Vulnerabilities Exploits Patching Servers Security Infosec Malware Threa...

9.8 CVSS | 6 AI score | 0.90543 EPSS
Exploits: 63 | References: 1

The Hacker News
added 2026/05/09 7:16 a.m. | 12 views

cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now

cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service. The list of vulnerabilities is as follows: CVE-2026-29201 (CVSS score: 4.3) - An insufficient input...

8.8 CVSS | 6.3 AI score | 0.0083 EPSS
Exploits: 0