Nixpkgs security tracker

Login with GitHub

Suggestions search

Dismissed
Filter by:
With package: perlPackages.CpanelJSONXS

Found 6 matching suggestions

View:
Compact
Detailed
Dismissed
(not in Nixpkgs)
Permalink CVE-2026-32991
7.1 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
updated 5 hours ago by @LeSuisse Activity log
  • Created suggestion 1 day, 17 hours ago
  • @LeSuisse dismissed (not in Nixpkgs) 5 hours ago
Improper authorization checks of team members privileges allow a team …

Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account.

Affected products

cPanel
  • <11.126.0.59
  • <11.136.0.10
  • <11.130.0.23
  • <11.118.0.67
  • <11.110.0.119
  • <11.134.0.26
  • <11.124.0.38
  • <11.132.0.32
WP Squared
  • <11.136.1.12
cPanel (CloudLinux 6, CentOS 6)
  • <11.110.0.118

Matching in nixpkgs

Dismissed
(not in Nixpkgs)
Permalink CVE-2026-32993
8.3 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Changed (C)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
updated 5 hours ago by @LeSuisse Activity log
  • Created suggestion 1 day, 17 hours ago
  • @LeSuisse dismissed (not in Nixpkgs) 5 hours ago
Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` …

Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response.

Affected products

cPanel
  • <11.134.0.26
  • <11.136.0.10
  • <11.132.0.32
WP Squared
  • <11.136.1.12

Matching in nixpkgs

Dismissed
(not in Nixpkgs)
Permalink CVE-2026-29205
8.6 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): Low (L)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): Low (L)
updated 5 hours ago by @LeSuisse Activity log
  • Created suggestion 1 day, 17 hours ago
  • @LeSuisse dismissed (not in Nixpkgs) 5 hours ago
Incorrect privileges management and insufficient path filtering allow to read …

Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints.

Affected products

cPanel
  • <11.126.0.59
  • <11.136.0.10
  • <11.130.0.23
  • <11.124.0.38
  • <11.134.0.26
  • <11.132.0.32
WP Squared
  • <11.136.1.12

Matching in nixpkgs

Dismissed
(not in Nixpkgs)
Permalink CVE-2026-29206
8.1 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 5 hours ago by @LeSuisse Activity log
  • Created suggestion 1 day, 17 hours ago
  • @LeSuisse dismissed (not in Nixpkgs) 5 hours ago
Insufficient sanitization of SQL queries in the `sqloptimizer` utility script …

Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled.

Affected products

cPanel
  • <11.126.0.59
  • <11.94.0.31
  • <11.136.0.10
  • <11.130.0.23
  • <11.102.0.42
  • <11.118.0.67
  • <11.110.0.119
  • <11.86.0.44
  • <11.134.0.26
  • <11.124.0.38
  • <11.132.0.32
WP Squared
  • <11.136.1.12
cPanel (CloudLinux 6, CentOS 6)
  • <11.110.0.118

Matching in nixpkgs

Dismissed
(not in Nixpkgs)
Permalink CVE-2026-32992
8.2 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
updated 5 hours ago by @LeSuisse Activity log
  • Created suggestion 1 day, 17 hours ago
  • @LeSuisse dismissed (not in Nixpkgs) 5 hours ago
SSL verification is disabled in the DNS Cluster system. This …

SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials.

Affected products

cPanel
  • <11.126.0.59
  • <11.136.0.10
  • <11.130.0.23
  • <11.134.0.26
  • <11.132.0.32
WP Squared
  • <11.136.1.12

Matching in nixpkgs

Dismissed
(not in Nixpkgs)
Permalink CVE-2026-41940
9.8 CRITICAL
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 2 weeks, 1 day ago by @LeSuisse Activity log
  • Created suggestion 2 weeks, 1 day ago
  • @LeSuisse dismissed (not in Nixpkgs) 2 weeks, 1 day ago
cPanel and WHM Authentication Bypass via Login Flow

cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Affected products

WHM
  • <11.134.0.20
  • <11.118.0.63
  • <11.132.0.29
  • <11.126.0.54
  • <11.136.0.5
  • <11.110.0.97
cPanel
  • <11.134.0.20
  • <11.118.0.63
  • <11.132.0.29
  • <11.126.0.54
  • <11.136.0.5
  • <11.110.0.97
WP Squared
  • <11.136.1.7

Matching in nixpkgs