
94 matches found

GithubExploit
added 2026/05/24 11:10 a.m., 66 views

Exploit for Missing Authentication for Critical Function in Cpanel

CPANEL CVE EXPLOIT English | فارسی Persian README...

CVSS 9.8, AI score 6.2, EPSS 0.90762
Exploits: 59
The Hacker News
added 2026/05/09 7:16 a.m., 9 views

cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now

cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service. The list of vulnerabilities is as follows - CVE-2026-29201 (CVSS score: 4.3) - An insufficient input...

CVSS 8.8, AI score 6.3, EPSS 0.00046
Exploits: 0
GithubExploit
added 2026/05/06 12:58 a.m., 35 views

Exploit for Missing Authentication for Critical Function in Cpanel

🔴 cPanelCVE CVE-2026-41940 — cPanel & WHM Authentication...

CVSS 9.8, AI score 6, EPSS 0.90762
Exploits: 59
GithubExploit
added 2026/05/05 11:39 p.m., 64 views

Exploit for Missing Authentication for Critical Function in Cpanel

🔴 cPanelCVE CVE-2026-41940 — cPanel & WHM Authentication...

CVSS 9.8, AI score 5.8, EPSS 0.90762
Exploits: 59
GithubExploit
added 2026/05/01 3:37 p.m., 60 views

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940: cPanel/WHM Authentication Bypass Analysis...

CVSS 9.8, AI score 5.8, EPSS 0.90762
Exploits: 59
RedhatCVE
added 2026/04/30 8:48 p.m., 2 views

CVE-2026-41940

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel...

CVSS 9.8, AI score 5.7, EPSS 0.90762
Exploits: 59, References: 1
NVD
added 2026/04/29 4:16 p.m., 2 views

CVE-2026-41940

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel...

CVSS 9.8, EPSS 0.90762
Exploits: 59, References: 9
CVE
added 2026/04/29 3:10 p.m., 357 views

CVE-2026-41940

CVE-2026-41940 — cPanel/WHM Authentication Bypass (CRLF Injection) Technical synopsis: A CRLF injection in the login/session handling enables unauthenticated remote attackers to bypass authentication and gain root-level access via the cpsess session token. Public analyses describe the attack chai...

CVSS 9.8, AI score 5.5, EPSS 0.90762
In wild, Exploits: 59, References: 9, Affected Software: 1
Cvelist
added 2026/04/29 3:10 p.m., 44 views

CVE-2026-41940 WebPros cPanel and WHM Authentication Bypass via Login Flow

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel...

CVSS 9.8, EPSS 0.90762
Exploits: 59, References: 5
ATTACKERKB
added 2026/04/29 3:10 p.m., 3 views

CVE-2026-41940

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel...

CVSS 9.8, AI score 5.7, EPSS 0.90762
In wild, Exploits: 59, References: 8, Affected Software: 2
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-5521

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.7, EPSS 0.05995
Exploits: 0, References: 52
RedhatCVE
added 2025/05/22 5:53 a.m., 1 view

CVE-2018-20933

cPanel before 70.0.23 has Stored XSS via a WHM Edit DNS Zone action (SEC-410)...

CVSS 5.4, AI score 6, EPSS 0.00287
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 5:47 a.m., 2 views

CVE-2016-10795

cPanel before 59.9999.145 allows stored XSS in the WHM tailupcp2.cgi interface (SEC-156)...

CVSS 6.1, AI score 6.2, EPSS 0.00349
Exploits: 0, References: 1
CNNVD
added 2024/11/14 12:0 a.m., 1 view

Virtuozzo Hybrid Server For WHMCS security vulnerability

Virtuozzo Hybrid Server For WHMCS is a Virtuozzo Hybrid Server For WHMCS from Virtuozzo. A security vulnerability exists in Virtuozzo Hybrid Server For WHMCS version v.1.7.1. An attacker can obtain sensitive information by modifying the hostname...

CVSS 5.4, AI score 6.4, EPSS 0.00316
Exploits: 0, References: 1
Positive Technologies
added 2024/11/11 12:0 a.m., 2 views

PT-2024-25641 · Acronis · Acronis Backup Plugin For Cpanel & Whm

Name of the Vulnerable Software and Affected Versions: Acronis Backup plugin for cPanel & WHM (Linux) versions prior to build 818. Description: The issue is related to sensitive information disclosure during file browsing due to improper symbolic link handling. This can lead to unauthorized access a...

CVSS 3.3, AI score 6.7, EPSS 0.00084
Exploits: 0, References: 7
CNNVD
added 2024/11/11 12:0 a.m., 1 view

Acronis Backup plugin for cPanel & WHM (Linux) security vulnerability

Acronis Backup plugin for cPanel & WHM (Linux) is a plugin from Acronis Switzerland. A security vulnerability exists in Acronis Backup plugin for cPanel & WHM (Linux) versions prior to 818, which stems from improper handling of symbolic links, resulting in the disclosure of sensitive information duri...

CVSS 3.3, AI score 4.1, EPSS 0.00084
Exploits: 0, References: 3
SUSE CVE
added 2023/02/15 6:12 a.m., 1 view

SUSE CVE-2007-2450

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script o...

CVSS 3.5, AI score 5.9, EPSS 0.01224
Exploits: 0, References: 6
SUSE CVE
added 2023/02/15 6:11 a.m., 1 view

SUSE CVE-2007-3386

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action...

CVSS 4.3, AI score 6.3, EPSS 0.73782
Exploits: 2, References: 6
SUSE CVE
added 2023/02/15 6:8 a.m., 2 views

SUSE CVE-2008-1947

Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add...

CVSS 4.3, AI score 6.1, EPSS 0.59297
Exploits: 2, References: 6
OSV
added 2022/05/14 3:13 a.m., 21 views

GHSA-W7CG-5969-678W Apache Tomcat allows remote attackers to bypass a CSRF protection mechanism by using a token

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token...

CVSS 8.8, AI score 8.5, EPSS 0.05995
Exploits: 0, References: 39