Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2017-18442

    cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 5.0

    MEDIUM
    CVE-2017-18441

    cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-18440

    cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18439

    cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18438

    cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2017-18437

    cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2017-18436

    cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18435

    cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-18434

    cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-18433

    cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-18432

    In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18431

    cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2017-18430

    In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-18429

    In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2017-18428

    In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-18427

    In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2017-18426

    cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2017-18425

    In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-18424

    In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-18423

    In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292815 Results