Approved changes feed: RSS · Atom
cpe:2.3:a:webpros:cpanel:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Webpros (3ebf8919-8933-5275-88f3-83c91ccd7db5) |
|---|---|
| Product | Cpanel (4c93d947-37c4-517e-869e-2b368e1e15e7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-41940 |
vulnerable | 2026-06-08 08:03:15.790699 |
WebPros cPanel and WHM Authentication Bypass via Login Flow
CRITICAL (9.8)
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
Published: 2026-04-29T15:10:37.899Z
Updated: 2026-05-06T15:48:18.270Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-32993 |
vulnerable | 2026-06-08 07:57:18.429068 |
Details available
HIGH (8.3)
Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response.
Published: 2026-05-13T22:06:04.114Z
Updated: 2026-05-14T13:12:33.758Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-32992 |
vulnerable | 2026-06-08 07:57:18.428800 |
Details available
HIGH (8.2)
SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials.
Published: 2026-05-13T22:06:04.157Z
Updated: 2026-05-14T13:13:06.565Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-32991 |
vulnerable | 2026-06-08 07:57:18.426516 |
Details available
HIGH (7.1)
Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account.
Published: 2026-05-13T22:07:16.151Z
Updated: 2026-05-14T13:11:23.622Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-29206 |
vulnerable | 2026-06-08 07:55:16.230228 |
Details available
HIGH (8.1)
Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled.
Published: 2026-05-13T22:07:16.256Z
Updated: 2026-05-14T13:55:12.266Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-29205 |
vulnerable | 2026-06-08 07:55:16.229812 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-29203 |
vulnerable | 2026-06-08 07:55:16.227342 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-29202 |
vulnerable | 2026-06-08 07:55:16.226876 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-29201 |
vulnerable | 2026-06-08 07:55:16.224391 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.