510 matches found
CVE-2026-47365
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...
CVE-2026-47365
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...
CVE-2026-47365
CVE-2026-47365 affects WordPress Toolkit (before 6.11.0) as used in cPanel & WHM. An argument injection flaw enables remote authenticated users to bypass cross-tenant authorization and run arbitrary wp-toolkit CLI commands as another account. The description and connected records confirm the affe...
CVE-2026-47365
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...
EUVD-2026-36376
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...
Exploit for Missing Authentication for Critical Function in Cpanel
CVE-2026-41940 - cPanel/WHM Authentication Bypass This reposi...
Exploit for Missing Authentication for Critical Function in Cpanel
CVE-2026-41940 — cPanel2Shell Interactive exploitation tool...
MINI-W59M-6WHM-CJWH
Bulletin has no description...
Exploit for Missing Authentication for Critical Function in Cpanel
CVE-2026-41940 — WHM/cPanel Exploit Tool Linux ⚠️ DISCL...
📄 CPanel/WHM CRLF Injection / Authentication Bypass / Remote Code Execution
This Metasploit module exploits CVE-2026-41940, a CRLF injection in cPanel/WHMs cpsrvd daemon that allows unauthenticated remote code execution as root. The Basic-auth handler writes the password to the raw session file without stripping newlines. Omitting the ob-part of the session cookie bypass...
Exploit for Missing Authentication for Critical Function in Cpanel
🚀 CVE-2026-41940 - cPanel/WHM Authentication Bypass Exploit...
PT-2026-40437
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Insufficient sanitization of SQL queries in the sqloptimizer utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled...
PT-2026-40439
Name of the Vulnerable Software and Affected Versions DNS Cluster affected versions not specified Description SSL verification is disabled in the DNS Cluster system. This allows a malicious server to perform a man-in-the-middle attack, which is a technique where an attacker intercepts communicati...
PT-2026-38675
Name of the Vulnerable Software and Affected Versions cPanel Nova plugin versions prior to 11.136.0.9 cPanel Nova plugin versions prior to 11.136.1.10 WP Squared cPanel Nova plugin versions prior to 11.134.0.25 cPanel Nova plugin versions prior to 11.132.0.31 cPanel Nova plugin versions prior to...
Exploit for Missing Authentication for Critical Function in Cpanel
CVE-2026-41940 | cPanel/WHM Authentication Bypass Detection...
Exploit for Missing Authentication for Critical Function in Cpanel
cpanel-pwn cPanel/WHM security testing toolkit. Implements th...
cPanelSniper-
cPanelSniper CVE-2026-41940 — c...
Exploit for Missing Authentication for Critical Function in Cpanel
CVE-2026-41940 cPanel & WHM Verification Tool This repository...
cPanel & WHM - Authentication Bypass via Session-File CRLF Injection
cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel. id: CVE-2026-41940 info:...
Exploit for Missing Authentication for Critical Function in Cpanel
CVE-2026-41940 – cPanel/WHM Auth Bypass + Root Password Changer...