5.4CVSS
5.2AI Score
0.001EPSS
cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination...
5.4CVSS
5.2AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
5.4CVSS
5.3AI Score
0.001EPSS
cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules...
6.5CVSS
6.4AI Score
0.001EPSS
cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface...
5.4CVSS
5.2AI Score
0.001EPSS
In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account...
6.5CVSS
6.5AI Score
0.001EPSS
cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls...
6.5CVSS
6.5AI Score
0.001EPSS
In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address...
6.5CVSS
6.5AI Score
0.001EPSS
In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions...
6.5CVSS
6.5AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.002EPSS
6.5CVSS
6.5AI Score
0.001EPSS
5.4CVSS
5.3AI Score
0.001EPSS
In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user...
8.8CVSS
8.5AI Score
0.001EPSS
cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades...
6.5CVSS
6.5AI Score
0.001EPSS
cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin...
3.3CVSS
4.3AI Score
0.0004EPSS
cPanel before 60.0.25 allows format-string injection in exception-message handling...
8.8CVSS
8.7AI Score
0.001EPSS
cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft...
6.5CVSS
6.5AI Score
0.001EPSS
cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call...
6.3CVSS
6.6AI Score
0.001EPSS
cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface...
5.4CVSS
5.2AI Score
0.001EPSS
cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing...
8.1CVSS
8AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen...
5.4CVSS
5.2AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS
cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update...
6.5CVSS
6.5AI Score
0.001EPSS
6.1CVSS
6.3AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.001EPSS
cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor...
4.9CVSS
5.3AI Score
0.001EPSS
cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled...
7.5CVSS
7.5AI Score
0.001EPSS
4.4CVSS
4.8AI Score
0.0004EPSS
cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration...
2.7CVSS
4.1AI Score
0.001EPSS
cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error...
4.3CVSS
4.6AI Score
0.001EPSS
cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API...
6.3CVSS
6.5AI Score
0.001EPSS
cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path...
7.8CVSS
7.8AI Score
0.0004EPSS
cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation...
7.8CVSS
7.9AI Score
0.0004EPSS
cPanel before 62.0.17 does not preserve security policy questions across an account rename...
4.3CVSS
4.8AI Score
0.001EPSS
cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface...
6.1CVSS
5.9AI Score
0.001EPSS
6.7CVSS
6.9AI Score
0.0004EPSS
In cPanel before 62.0.17, addon domain conversion did not require a package for resellers...
2.7CVSS
4.2AI Score
0.001EPSS
cPanel before 62.0.17 allows arbitrary code execution during account modification...
7.8CVSS
7.9AI Score
0.0004EPSS
cPanel before 64.0.21 does not preserve supplemental groups across account renames...
4.9CVSS
5.2AI Score
0.001EPSS
cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs...
4.4CVSS
4.9AI Score
0.0004EPSS
5.4CVSS
5.2AI Score
0.001EPSS
3.3CVSS
4.3AI Score
0.0004EPSS
cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call...
5.3CVSS
5.3AI Score
0.001EPSS
cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite...
4.5CVSS
4.8AI Score
0.0004EPSS
cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite...
5.5CVSS
5.5AI Score
0.0004EPSS
cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade...
5.3CVSS
5.2AI Score
0.001EPSS
cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls...
6.3CVSS
6.5AI Score
0.001EPSS
4.3CVSS
4.8AI Score
0.001EPSS