CPanel

A remote, anonymous attacker can exploit a vulnerability in cPanel cPanel/WHM to perform an HTTP response header injection, enabling cross-site scripting (XSS), open redirect attacks, and cache or header manipulation.

A remote, anonymous attacker can exploit a vulnerability in cPanel cPanel/WHM to potentially execute arbitrary code or cause a denial-of-service condition.

Multiple vulnerabilities in cPanel/WHM allow an attacker to escalate privileges, perform SQL injection with root privileges, manipulate data, or disclose sensitive information.

Multiple vulnerabilities in cPanel & WHM and WP Squared allow authenticated users to escalate privileges, execute arbitrary code, and cause denial-of-service conditions by exploiting improper input validation and unsafe symlink handling.

A vulnerability exists in WHM, cPanel, and WP Squared, Linux-based web hosting control panels, which could allow for remote code execution by bypassing authentication and gaining administrative access.

CVE-2026-41940 is a critical authentication bypass vulnerability in cPanel & WHM, allowing unauthenticated remote attackers to gain administrative access by manipulating session data.

An authentication bypass vulnerability in cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 allows unauthenticated remote attackers to gain unauthorized access to the control panel.