cpanel

426 tracked vulnerabilities.

CVE-2026-41940 CRITICAL KEV NUCLEI
cPanel and WHM Authentication Bypass via Login Flow
Apr 29, 2026
CVSS 9.8
EPSS 0.85
CVE-2025-66429 HIGH
cPanel 110.0.0-126.0.37 - Path Traversal and Arbitrary File Write via Team Manager API
Dec 11, 2025
CVSS 8.8
EPSS 0.00
CVE-2023-29489 MEDIUM NUCLEI
cPanel < 11.102.0.31 - Cross-Site Scripting via Invalid Webcall ID
Apr 27, 2023
CVSS 5.3
EPSS 0.93
CVE-2021-38590 MEDIUM
cPanel < 11.98.0.8 - Information Disclosure via Weak Web Stats Permissions
Aug 11, 2021
CVSS 5.5
EPSS 0.00
CVE-2021-38589 HIGH
cPanel < 11.96.0.13 - Arbitrary File Overwrite via fix-cpanel-perl Script
Aug 11, 2021
CVSS 8.1
EPSS 0.01
CVE-2021-38588 HIGH
cPanel < 96.0.13 - Download of Code Without Integrity Check
Aug 11, 2021
CVSS 8.1
EPSS 0.00
CVE-2021-38587 HIGH
cPanel < 96.0.13 - Race Condition in fix-cpanel-perl Temporary File Handling
Aug 11, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-38586 MEDIUM
cPanel 11.94.0.0-11.94.0.12 - Unsafe File Operations in cpan_config Script
Aug 11, 2021
CVSS 4.4
EPSS 0.00
CVE-2021-38585 HIGH
cPanel < 98.0.1 - Deserialization of Untrusted Data via WHM Locale Upload Feature
Aug 11, 2021
CVSS 7.2
EPSS 0.02
CVE-2021-38584 HIGH
cPanel < 98.0.1 - XML External Entity Injection in WHM Locale Upload Feature
Aug 11, 2021
CVSS 7.2
EPSS 0.01
CVE-2021-31803 MEDIUM
cPanel < 94.0.3 - Stored Cross-Site Scripting via EasyApache 4 Save Profile
Apr 26, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-26267 HIGH
cPanel < 92.0.9 - MySQL User Suspension Bypass via Old-Style Password Hash
Jan 26, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-26266 HIGH
cPanel < 92.0.9 - Authenticated Suspension Lock Bypass
Jan 26, 2021
CVSS 7.5
EPSS 0.00
CVE-2020-29137 MEDIUM
cPanel < 90.0.17 - Self Cross-Site Scripting in WHM Transfer Tool Interface
Nov 27, 2020
CVSS 6.1
EPSS 0.00
CVE-2020-29136 MEDIUM
cPanel < 11.86.0.32 - Two-Factor Authentication Bypass via Brute-Force Attack
Nov 27, 2020
CVSS 6.5
EPSS 0.00
CVE-2020-29135 MEDIUM
cPanel < 90.0.17 - Command Injection
Nov 27, 2020
CVSS 4.1
EPSS 0.00
CVE-2020-26115 MEDIUM
cPanel < 90.0.10 - Stored Cross-Site Scripting via Cron Editor Interface
Sep 25, 2020
CVSS 6.1
EPSS 0.00
CVE-2020-26114 MEDIUM
cPanel < 90.0.10 - Self Cross-Site Scripting via Cron Jobs Interface
Sep 25, 2020
CVSS 6.1
EPSS 0.00
CVE-2020-26113 MEDIUM
cPanel < 90.0.10 - Self Cross-Site Scripting via WHM Manage API Tokens Interface
Sep 25, 2020
CVSS 6.1
EPSS 0.00
CVE-2020-26112 HIGH
cPanel < 90.0.10 - Arbitrary File Write via Email Quota Cache
Sep 25, 2020
CVSS 7.5
EPSS 0.00
CVE-2020-26111 MEDIUM
cPanel < 90.0.10 - Self Cross-Site Scripting in WHM Edit DNS Zone Interface
Sep 25, 2020
CVSS 6.1
EPSS 0.00
CVE-2020-26110 MEDIUM
cPanel < 88.0.13 - Self Cross-Site Scripting via DNS Zone Manager DNSSEC Interfaces
Sep 25, 2020
CVSS 6.1
EPSS 0.01
CVE-2020-26109 HIGH
cPanel < 88.0.3 - Protection Mechanism Bypass for Package Modification
Sep 25, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-26108 CRITICAL
cPanel < 88.0.13 - Remote Code Execution via File Extension Dispatching
Sep 25, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-26107 HIGH
cPanel < 88.0.3 - Use of Insufficiently Random Values in PowerDNS API Key Generation
Sep 25, 2020
CVSS 7.5
EPSS 0.00