Search
Search Results (5 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-29203 | 1 Webpros | 3 Cpanel, Cpanel (centos 6, Cloudlinux 6), Wp Squared | 2026-05-10 | 8.8 High |
| A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path under their home directory. | ||||
| CVE-2026-29202 | 1 Webpros | 3 Cpanel, Cpanel (centos 6, Cloudlinux 6), Wp Sqaured | 2026-05-10 | 8.8 High |
| Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user. | ||||
| CVE-2026-29201 | 1 Webpros | 3 Cpanel, Cpanel (centos 6, Cloudlinux 6), Wp Squared | 2026-05-10 | 4.3 Medium |
| Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed. | ||||
| CVE-2026-29200 | 1 Webpros | 1 Comet Backup | 2026-05-04 | N/A |
| A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call. | ||||
| CVE-2025-65518 | 2 Plesk, Webpros | 2 Obsidian, Plesk Obsidian | 2026-01-30 | 7.5 High |
| Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability exists in the get_password.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service unavailable to legitimate users. An attacker can exploit this issue remotely without authentication, resulting in a persistent availability impact on the affected Plesk Obsidian instance. | ||||
Page 1 of 1.