Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (428 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2308 1 Cpanel 1 Cpanel 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.
CVE-2004-1769 1 Cpanel 1 Cpanel 2026-04-16 N/A
The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.
CVE-2004-1603 1 Cpanel 1 Cpanel 2026-04-16 5.5 Medium
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.
CVE-2006-2825 1 Cpanel 1 Cpanel 2026-04-16 N/A
cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive.
CVE-2025-66429 1 Cpanel 1 Cpanel 2025-12-15 8.8 High
An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user.
CVE-2017-11441 1 Cpanel 1 Whm 2025-04-20 N/A
The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297.
CVE-2017-5614 1 Cpanel 1 Cpanel 2025-04-20 6.1 Medium
Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter.
CVE-2017-5613 1 Cpanel 2 Cgiecho, Cgiemail 2025-04-20 N/A
Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.
CVE-2017-5616 1 Cpanel 2 Cgiecho, Cgiemail 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter.
CVE-2017-5615 1 Cpanel 2 Cgiecho, Cgiemail 2025-04-20 N/A
cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location.
CVE-2009-4823 1 Cpanel 1 Cpanel 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.
CVE-2023-29489 1 Cpanel 1 Cpanel 2024-11-21 5.3 Medium
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
CVE-2021-38590 1 Cpanel 1 Cpanel 2024-11-21 5.5 Medium
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).
CVE-2021-38589 1 Cpanel 1 Cpanel 2024-11-21 8.1 High
In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588).
CVE-2021-38588 1 Cpanel 1 Cpanel 2024-11-21 8.1 High
In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587).
CVE-2021-38587 1 Cpanel 1 Cpanel 2024-11-21 7.5 High
In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586).
CVE-2021-38586 1 Cpanel 1 Cpanel 2024-11-21 4.4 Medium
In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589).
CVE-2021-38585 1 Cpanel 1 Cpanel 2024-11-21 7.2 High
The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).
CVE-2021-38584 1 Cpanel 1 Cpanel 2024-11-21 7.2 High
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).
CVE-2021-31803 1 Cpanel 1 Cpanel 2024-11-21 6.1 Medium
cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581).