Product

CPanel

5 briefs RSS

cPanel cPanel/WHM Vulnerability Allows Header Manipulation

A remote, anonymous attacker can exploit a vulnerability in cPanel cPanel/WHM to perform an HTTP response header injection, enabling cross-site scripting (XSS), open redirect attacks, and cache or header manipulation.

cPanel/WHM cpanel header-injection xss open-redirect

2r 1t 4w ago

critical threat

cPanel cPanel/WHM Vulnerability Allows Code Execution and DoS

2 rules 2 TTPs

A remote, anonymous attacker can exploit a vulnerability in cPanel cPanel/WHM to potentially execute arbitrary code or cause a denial-of-service condition.

cPanel/WHM cpanel rce dos webserver

2r 2t 4w ago

high threat

Multiple Vulnerabilities in cPanel/WHM Allow Privilege Escalation and Data Manipulation

2 rules 3 TTPs

Multiple vulnerabilities in cPanel/WHM allow an attacker to escalate privileges, perform SQL injection with root privileges, manipulate data, or disclose sensitive information.

cPanel/WHM cpanel privilege-escalation sql-injection data manipulation

2r 3t May 15, 2026

critical advisory

WHM, cPanel, and WP Squared Vulnerability Allows Remote Code Execution

2 rules 1 TTP

A vulnerability exists in WHM, cPanel, and WP Squared, Linux-based web hosting control panels, which could allow for remote code execution by bypassing authentication and gaining administrative access.

cPanel +2 vulnerability rce whm wp squared linux

2r 1t May 4, 2026

critical advisory

cPanel and WHM Authentication Bypass Vulnerability (CVE-2026-41940)

2 rules 1 TTP 1 CVE

An authentication bypass vulnerability in cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 allows unauthenticated remote attackers to gain unauthorized access to the control panel.

WHM +1 cpanel authentication-bypass CVE-2026-41940 webserver

2r 1t 1c Apr 29, 2026