cpanel

426 tracked vulnerabilities.

CVE-2019-20494 LOW
cPanel 77.9999.110-81.9999.999 - Use of Insufficiently Random Values in Cpanel::Rand::Get
Mar 17, 2020
CVSS 3.3
EPSS 0.00
CVE-2019-20493 MEDIUM
cPanel 77.9999.110-78.0.43 - Self Cross-Site Scripting via JSON String Escaping Mishandling
Mar 17, 2020
CVSS 6.1
EPSS 0.00
CVE-2019-20492 HIGH
cPanel 77.9999.110-81.9999.999 - Authentication Bypass via Password File Misparsing
Mar 17, 2020
CVSS 8.8
EPSS 0.00
CVE-2019-20490 HIGH
cPanel 77.9999.110-78.0.43 - Authentication Bypass via Webmail Username Processing
Mar 17, 2020
CVSS 8.8
EPSS 0.00
CVE-2019-20491 MEDIUM
cPanel 77.9999.110-78.0.43 - Account Suspension Bypass via Virtual Mail Accounts
Mar 16, 2020
CVSS 5.4
EPSS 0.00
CVE-2019-17380 MEDIUM
cPanel < 82.0.15 - Self Cross-Site Scripting in WHM Update Preferences Interface
Oct 09, 2019
CVSS 6.1
EPSS 0.00
CVE-2019-17379 MEDIUM
cPanel 77.9999.110-78.0.39 - Stored Cross-Site Scripting in WHM SSL Storage Manager
Oct 09, 2019
CVSS 6.1
EPSS 0.00
CVE-2019-17378 MEDIUM
cPanel 77.9999.110-78.0.39 - Stored Cross-Site Scripting in SSL Key Delete Interface
Oct 09, 2019
CVSS 6.1
EPSS 0.00
CVE-2019-17377 MEDIUM
cPanel 77.9999.110-78.0.39 - Self Cross-Site Scripting in LiveAPI Example Scripts
Oct 09, 2019
CVSS 6.1
EPSS 0.00
CVE-2019-17376 MEDIUM
cPanel 77.9999.110-78.0.39 - Self Cross-Site Scripting in SSL Certificate Upload Interface
Oct 09, 2019
CVSS 6.1
EPSS 0.00
CVE-2019-17375 HIGH
cPanel 81.9999.242-82.0.15 - Insufficient Session Expiration
Oct 09, 2019
CVSS 8.8
EPSS 0.00
CVE-2019-14414 LOW
cPanel < 78.0.2 - Arbitrary File Write via Userdata Cache Temporary File Conflict
Jul 30, 2019
CVSS 3.3
EPSS 0.00
CVE-2019-14413 MEDIUM
cPanel < 78.0.2 - Arbitrary File Write via Connection Reset
Jul 30, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-14412 LOW
cPanel < 78.0.2 - Format String Injection via DCV check_domains_via_dns UAPI
Jul 30, 2019
CVSS 3.3
EPSS 0.00
CVE-2019-14411 MEDIUM
cPanel < 78.0.2 - Unauthenticated Arbitrary File Write via DCV UAPI
Jul 30, 2019
CVSS 5.3
EPSS 0.00
CVE-2019-14410 LOW
cPanel < 78.0.2 - Format String Injection via Email Store Filter UAPI
Jul 30, 2019
CVSS 3.3
EPSS 0.00
CVE-2019-14409 MEDIUM
cpanel < 78.0.2 - Arbitrary File Read via Passenger adminbin
Jul 30, 2019
CVSS 5.5
EPSS 0.00
CVE-2019-14408 MEDIUM
cPanel < 78.0.2 - Unauthenticated OpenID Account Linking
Jul 30, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-14407 LOW
cpanel < 78.0.2 - Unprotected Internal Data Exposure to OpenID Providers
Jul 30, 2019
CVSS 2.7
EPSS 0.00
CVE-2019-14406 MEDIUM
cPanel < 78.0.18 - Stored Cross-Site Scripting in BoxTrapper Queue Listing
Jul 30, 2019
CVSS 6.1
EPSS 0.00
CVE-2019-14405 HIGH
cPanel < 78.0.18 - Authenticated Remote Code Execution via securitypolicy.cgi
Jul 30, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-14404 MEDIUM
cPanel < 78.0.18 - Arbitrary File Read via Exim Virtual User Spam Router
Jul 30, 2019
CVSS 5.5
EPSS 0.00
CVE-2019-14403 MEDIUM
cPanel < 78.0.18 - Open Redirect via Domain-Redirect Routing
Jul 30, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-14402 LOW
cPanel < 78.0.18 - Remote Code Execution via infocmp Terminal Capability Handling
Jul 30, 2019
CVSS 3.3
EPSS 0.00
CVE-2019-14401 HIGH
cPanel < 78.0.18 - Remote Code Execution via addforward API1 Call
Jul 30, 2019
CVSS 8.8
EPSS 0.01
Products
cpanel 417 webhost_manager 5 cgiecho 3 cgiemail 3 whm 3 WHM 1 WP Squared 1 cPanel 1 wp_squared 1
Quick Filters
Critical CVEs With Exploits In CISA KEV