CVSS 5.5, AI Score 5.5, EPSS 0.0004
cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing...
CVSS 7.8, AI Score 7.6, EPSS 0.0004
The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account...
CVSS 7.1, AI Score 6.9, EPSS 0.0004
cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl...
CVSS 8.8, AI Score 8.9, EPSS 0.001
CVSS 8.8, AI Score 8.8, EPSS 0.001
CVSS 4.3, AI Score 4.6, EPSS 0.001
cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp...
CVSS 3.3, AI Score 4.3, EPSS 0.0004
cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router...
CVSS 5.5, AI Score 5.5, EPSS 0.0004
cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution...
CVSS 5.3, AI Score 5.6, EPSS 0.0004
cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call...
CVSS 5.3, AI Score 5.3, EPSS 0.001
cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing...
CVSS 4.3, AI Score 4.7, EPSS 0.001
CVSS 2.7, AI Score 4.1, EPSS 0.001
CVSS 3.3, AI Score 4.3, EPSS 0.0004
API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data...
CVSS 3.3, AI Score 4.3, EPSS 0.0004
cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API...
CVSS 5.5, AI Score 5.6, EPSS 0.0004
cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg...
CVSS 8.8, AI Score 8.8, EPSS 0.001
CVSS 6.1, AI Score 5.9, EPSS 0.001
CVSS 6.1, AI Score 5.8, EPSS 0.001
cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin...
CVSS 7.8, AI Score 7.9, EPSS 0.0004
cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments...
CVSS 9.8, AI Score 9.7, EPSS 0.007
cPanel before 76.0.8 allows a Virtual FTP account to persist after removal of its associated domain...
CVSS 6.5, AI Score 6.5, EPSS 0.001
cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field...
CVSS 6.1, AI Score 6, EPSS 0.001
CVSS 6.1, AI Score 5.8, EPSS 0.001
CVSS 7.8, AI Score 7.7, EPSS 0.0004
cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching...
CVSS 8.8, AI Score 9, EPSS 0.006
CVSS 6.1, AI Score 6.3, EPSS 0.001
CVSS 6.1, AI Score 6, EPSS 0.001
CVSS 7.8, AI Score 7.5, EPSS 0.0004
cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled...
CVSS 7.5, AI Score 7.6, EPSS 0.001
CVSS 5.4, AI Score 5.2, EPSS 0.001
CVSS 5.4, AI Score 5.2, EPSS 0.001
CVSS 3.3, AI Score 4.3, EPSS 0.0004
cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html...
CVSS 6.1, AI Score 5.8, EPSS 0.001
The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka...
CVSS 5.4, AI Score 5.2, EPSS 0.001
Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum...
CVSS 6.1, AI Score 5.9, EPSS 0.001
cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect...
CVSS 6.1, AI Score 6.1, EPSS 0.001
Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template...
CVSS 7.8, AI Score 7.1, EPSS 0.018
Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure...
CVSS 6.1, AI Score 6.1, EPSS 0.002
Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop...
AI Score 5.9, EPSS 0.005
Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree...
AI Score 7, EPSS 0.021
Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6)...
AI Score 5.9, EPSS 0.004
Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only...
AI Score 7.7, EPSS 0.005
Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r...
AI Score 6.8, EPSS 0.022
Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain...
AI Score 6.8, EPSS 0.012
Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2)...
AI Score 7.9, EPSS 0.009
Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query...
AI Score 5.7, EPSS 0.002
Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party...
AI Score 5.7, EPSS 0.003
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl...
AI Score 7.6, EPSS 0.0004
guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template...
AI Score 7.7, EPSS 0.015
Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname...
AI Score 5.7, EPSS 0.008