cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation...
CVSS 5.5, AI Score 5.4, EPSS 0.0004
In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files...
CVSS 7.3, AI Score 7.2, EPSS 0.001
cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups...
CVSS 7.1, AI Score 7, EPSS 0.0004
CVSS 5.4, AI Score 5.2, EPSS 0.001
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning...
CVSS 9.8, AI Score 9.7, EPSS 0.005
cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands...
CVSS 8.1, AI Score 8.2, EPSS 0.001
cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds...
CVSS 6.5, AI Score 6.4, EPSS 0.001
CVSS 8.1, AI Score 8, EPSS 0.001
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd...
CVSS 9.8, AI Score 9.7, EPSS 0.005
cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost...
CVSS 8.8, AI Score 8.9, EPSS 0.001
CVSS 6.5, AI Score 6.5, EPSS 0.001
CVSS 6.1, AI Score 5.9, EPSS 0.001
CVSS 5.4, AI Score 5.2, EPSS 0.001
cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications...
CVSS 7.5, AI Score 7.6, EPSS 0.002
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface...
CVSS 5.4, AI Score 5.3, EPSS 0.001
CVSS 6.5, AI Score 6.5, EPSS 0.001
CVSS 6.1, AI Score 5.9, EPSS 0.001
cPanel before 74.0.0 allows arbitrary zone file modifications during record edits...
CVSS 4.3, AI Score 4.8, EPSS 0.001
cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories...
CVSS 3.3, AI Score 4.1, EPSS 0.0004
cPanel before 74.0.0 allows certain file-read operations via password file caching...
CVSS 4.4, AI Score 4.9, EPSS 0.0004
CVSS 2.3, AI Score 4.2, EPSS 0.0004
In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts...
CVSS 7.2, AI Score 7, EPSS 0.001
cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface...
CVSS 6.1, AI Score 5.9, EPSS 0.001
CVSS 4.3, AI Score 4.9, EPSS 0.001
cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration...
CVSS 5.5, AI Score 5.6, EPSS 0.0004
cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system...
CVSS 2.8, AI Score 4.4, EPSS 0.0004
cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling...
CVSS 4.3, AI Score 4.8, EPSS 0.001
CVSS 3.9, AI Score 4.8, EPSS 0.0004
cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication...
CVSS 5.5, AI Score 5.7, EPSS 0.0004
CVSS 5.3, AI Score 5.3, EPSS 0.0004
CVSS 9.8, AI Score 9.8, EPSS 0.001
CVSS 6.5, AI Score 6.5, EPSS 0.001
CVSS 5.4, AI Score 5.2, EPSS 0.001
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation...
CVSS 5.3, AI Score 5.5, EPSS 0.001
cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface...
CVSS 5.4, AI Score 5.2, EPSS 0.001
cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API...
CVSS 6.3, AI Score 6.8, EPSS 0.001
cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change...
CVSS 6.8, AI Score 6.7, EPSS 0.0004
CVSS 5.4, AI Score 5.2, EPSS 0.001
cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file...
CVSS 3.3, AI Score 4.3, EPSS 0.0004
CVSS 3.3, AI Score 4.1, EPSS 0.0004
cPanel before 74.0.8 allows self stored XSS on the Security Questions login page...
CVSS 5.4, AI Score 5.2, EPSS 0.001
CVSS 5.4, AI Score 5.2, EPSS 0.001
CVSS 5.4, AI Score 5.2, EPSS 0.001
cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface...
CVSS 5.4, AI Score 5.2, EPSS 0.001
In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains...
CVSS 3.3, AI Score 4.3, EPSS 0.0004
cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI...
CVSS 5.3, AI Score 5.3, EPSS 0.001
cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin...
CVSS 5.5, AI Score 5.6, EPSS 0.0004
cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets...
CVSS 4.3, AI Score 4.7, EPSS 0.001
Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI...
CVSS 3.3, AI Score 4.5, EPSS 0.0004
Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI...
CVSS 3.3, AI Score 4.5, EPSS 0.0004