CVSS 5.4, AI Score 5.2, EPSS 0.001
cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89).
CVSS 8.8, AI Score 8.9, EPSS 0.001
cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90).
CVSS 9.8, AI Score 9.7, EPSS 0.005
cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).
CVSS 8.1, AI Score 7.9, EPSS 0.001
cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93).
CVSS 8.8, AI Score 8.6, EPSS 0.001
cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96).
CVSS 5.4, AI Score 5.2, EPSS 0.001
cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97).
CVSS 8.8, AI Score 8.9, EPSS 0.001
cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).
CVSS 6.5, AI Score 6.5, EPSS 0.001
cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).
CVSS 8.1, AI Score 8.1, EPSS 0.001
cPanel before 55.9999.141 does not perform a two-factor authentication check when possessing another account (SEC-101).
CVSS 7.2, AI Score 7.1, EPSS 0.001
cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102).
CVSS 6.5, AI Score 6.5, EPSS 0.001
cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104).
CVSS 7.5, AI Score 7.5, EPSS 0.002
CVSS 8.8, AI Score 8.6, EPSS 0.001
cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107).
CVSS 4.3, AI Score 4.7, EPSS 0.001
cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108).
CVSS 6.5, AI Score 6.7, EPSS 0.001
cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46).
CVSS 7.5, AI Score 7.9, EPSS 0.001
cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70).
CVSS 6.5, AI Score 6.5, EPSS 0.001
cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71).
CVSS 8.1, AI Score 8.4, EPSS 0.001
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).
CVSS 8.8, AI Score 8.9, EPSS 0.001
The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73).
CVSS 5.3, AI Score 5.4, EPSS 0.001
cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74).
CVSS 6.5, AI Score 6.5, EPSS 0.001
cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76).
CVSS 8.1, AI Score 8.2, EPSS 0.001
CVSS 6.5, AI Score 6.5, EPSS 0.001
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78).
CVSS 8.1, AI Score 8, EPSS 0.001
cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79).
CVSS 8.1, AI Score 8.1, EPSS 0.001
cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80).
CVSS 8.1, AI Score 8.1, EPSS 0.001
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81).
CVSS 7.2, AI Score 7, EPSS 0.001
cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82).
CVSS 6.5, AI Score 6.5, EPSS 0.001
cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83).
CVSS 8.8, AI Score 8.9, EPSS 0.001
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84).
CVSS 5.4, AI Score 5.3, EPSS 0.001
CVSS 6.5, AI Score 6.5, EPSS 0.001
cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86).
CVSS 5.4, AI Score 5.2, EPSS 0.001
cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87).
CVSS 5.4, AI Score 5.2, EPSS 0.001
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).
CVSS 9.8, AI Score 9.7, EPSS 0.005
cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29).
CVSS 6.5, AI Score 6.4, EPSS 0.001
CVSS 6.5, AI Score 6.5, EPSS 0.001
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64).
CVSS 9.8, AI Score 9.7, EPSS 0.005
cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65).
CVSS 8.1, AI Score 8.2, EPSS 0.001
cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66).
CVSS 8.1, AI Score 8, EPSS 0.001
The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297.
CVSS 5.4, AI Score 5.2, EPSS 0.001
cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).
CVSS 2.7, AI Score 4.2, EPSS 0.001
cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309).
CVSS 7.8, AI Score 7.5, EPSS 0.0004
cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).
CVSS 3.8, AI Score 4.4, EPSS 0.0004
cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311).
CVSS 5.5, AI Score 5.5, EPSS 0.0004
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).
CVSS 7.2, AI Score 7.5, EPSS 0.001
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).
CVSS 7.2, AI Score 7.5, EPSS 0.001
cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315).
CVSS 7.8, AI Score 7.6, EPSS 0.0004
cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).
CVSS 6.3, AI Score 6.5, EPSS 0.001
cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322).
CVSS 7.8, AI Score 7.8, EPSS 0.0004
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).
CVSS 2.5, AI Score 4, EPSS 0.0004