Cpanel

A remote, anonymous attacker can exploit a vulnerability in cPanel cPanel/WHM to perform an HTTP response header injection, enabling cross-site scripting (XSS), open redirect attacks, and cache or header manipulation.

A remote, anonymous attacker can exploit a vulnerability in cPanel cPanel/WHM to potentially execute arbitrary code or cause a denial-of-service condition.

Multiple vulnerabilities in cPanel/WHM allow an attacker to escalate privileges, perform SQL injection with root privileges, manipulate data, or disclose sensitive information.

Multiple vulnerabilities in cPanel & WHM and WP Squared allow authenticated users to escalate privileges, execute arbitrary code, and cause denial-of-service conditions by exploiting improper input validation and unsafe symlink handling.

A vulnerability exists in WHM, cPanel, and WP Squared, Linux-based web hosting control panels, which could allow for remote code execution by bypassing authentication and gaining administrative access.

CVE-2026-41940 is a critical authentication bypass vulnerability in cPanel & WHM, allowing unauthenticated remote attackers to gain administrative access by manipulating session data.

An authentication bypass vulnerability in cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 allows unauthenticated remote attackers to gain unauthorized access to the control panel.

A local attacker can exploit a vulnerability in cPanel/WHM to escalate their privileges.

An anonymous remote attacker can exploit multiple vulnerabilities in cPanel/WHM to bypass security measures, perform XSS and SSRF attacks, disclose information, and potentially execute code.

CVE-2026-41940 is an authentication bypass vulnerability in WebPros cPanel & WHM and WP2 (WordPress Squared) that allows unauthenticated remote attackers to gain unauthorized access to the control panel.