New Age of Collisions: Reading Arbitrary Files Pre-Auth as root in cPanel (CVE-2026-29205)


Cpanel Cpanel::Nova::Connector: A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting …

Risk 79
Severity
5.3

Dark Reading: Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability


BleepingComputer: Critical cPanel flaw mass-exploited in "Sorry" ransomware attacks


The Register: First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed


BleepingComputer: Critical cPanel and WHM bug exploited as a zero-day, PoC now available


The Register: Critical cPanel, WHM flaw probs exploited as 0-day, pros say


High Fidelity Check for the cPanel Authentication Bypass (CVE-2026-41940)


The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940) - watchTowr Labs


Cpanel Cpanel: WebPros cPanel and WHM Authentication Bypass via Login Flow

Risk 99
Severity
9.3
3 Months

Cpanel Cpanel: Path Traversal

Risk 79
Severity
8.8

CVE-2025-40929: Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact

Cpanel JSON::XS: Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact

Risk 45
Severity
5.6

3 new CVE's in old branch of GNU mailman


Cpanel Cpanel: XSS

Risk 38
Severity
6.1

Cpanel Cpanel: XEE

Risk 66
Severity
7.2

Cpanel Cpanel: The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).

Risk 66
Severity
7.2

Cpanel Cpanel: In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589).

Risk 26
Severity
4.4

Cpanel Cpanel: Race Condition

Risk 43
Severity
7.5

Cpanel Cpanel: In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587)…

Risk 75
Severity
8.1

Cpanel Cpanel: In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of file…

Risk 60
Severity
8.1

Cpanel Cpanel: In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).

Risk 32
Severity
5.5

Cpanel Cpanel: XSS

Risk 38
Severity
6.1

Cpanel Cpanel: cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578).

Risk 43
Severity
7.5

Cpanel Cpanel: cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (…

Risk 43
Severity
7.5

Cpanel Cpanel: In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).

Risk 38
Severity
6.5

Cpanel Cpanel: XSS

Risk 38
Severity
6.1

Cpanel Cpanel: cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).

Risk 21
Severity
4.1
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203