6.1CVSS
5.9AI Score
0.001EPSS
6.1CVSS
5.8AI Score
0.001EPSS
6.1CVSS
5.8AI Score
0.001EPSS
cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375).
6.1CVSS
5.8AI Score
0.001EPSS
6.1CVSS
5.8AI Score
0.001EPSS
cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377).
6.1CVSS
5.8AI Score
0.001EPSS
cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378).
5.5CVSS
5.6AI Score
0.001EPSS
cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379).
6.7CVSS
6.7AI Score
0.0004EPSS
cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380).
6.7CVSS
6.7AI Score
0.0004EPSS
cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).
3.8CVSS
4.5AI Score
0.0005EPSS
cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391).
6.1CVSS
5.9AI Score
0.001EPSS
cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392).
6.1CVSS
6.3AI Score
0.001EPSS
cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401).
6.5CVSS
6.5AI Score
0.001EPSS
cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).
6.3CVSS
6.5AI Score
0.001EPSS
cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).
2.7CVSS
4.2AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411).
6.5CVSS
6.4AI Score
0.001EPSS
cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412).
5.4CVSS
5.1AI Score
0.001EPSS
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).
3.3CVSS
4.1AI Score
0.0004EPSS
cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321).
4.3CVSS
4.7AI Score
0.001EPSS
cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).
2.7CVSS
4.2AI Score
0.001EPSS
cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339).
3.3CVSS
4.1AI Score
0.0004EPSS
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342).
3.3CVSS
4.1AI Score
0.0004EPSS
cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349).
5.6CVSS
5.7AI Score
0.0004EPSS
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351).
2.5CVSS
4AI Score
0.0004EPSS
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).
2.5CVSS
4AI Score
0.0004EPSS
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353).
3.3CVSS
4.1AI Score
0.0004EPSS
5.7CVSS
5.6AI Score
0.001EPSS
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355).
3.3CVSS
3.9AI Score
0.0004EPSS
cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).
5.5CVSS
5.5AI Score
0.0004EPSS
6.1CVSS
5.9AI Score
0.001EPSS
cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385).
6.1CVSS
5.9AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388).
6.5CVSS
6.5AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506).
6.1CVSS
6AI Score
0.001EPSS
cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507).
7.5CVSS
7.6AI Score
0.001EPSS
cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510).
7.8CVSS
7.5AI Score
0.0004EPSS
5.4CVSS
5.2AI Score
0.001EPSS
cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514).
3.3CVSS
4.3AI Score
0.0004EPSS
cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501).
8.8CVSS
9AI Score
0.006EPSS
cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486).
5.3CVSS
5.6AI Score
0.0004EPSS
cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489).
5.5CVSS
5.6AI Score
0.0004EPSS
cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494).
3.3CVSS
4.3AI Score
0.0004EPSS
API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495).
3.3CVSS
4.3AI Score
0.0004EPSS
cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496).
5.3CVSS
5.3AI Score
0.001EPSS
cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498).
8.8CVSS
8.9AI Score
0.001EPSS
The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477).
7.1CVSS
6.9AI Score
0.0004EPSS