85 CVEs

2 in CISA KEV

control-webpanel Vulnerabilities

CVE security advisories and vulnerability history for control-webpanel.

85

Total CVEs

Published

2

In CISA KEV

Exploited in the wild

34

Public exploits

With known exploit

9.1

Avg CVSS

2018–2025

Overview

control-webpanel has 85 published CVE records since 2018, of which 2 are in CISA's Known Exploited Vulnerabilities catalog and 34 have a known public exploit. The average CVSS base score across scored CVEs is 9.1.

This page aggregates every publicly disclosed vulnerability (CVE) affecting control-webpanel products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of control-webpanel's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical31

High15

Medium0

Low0

39 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

2

2 of control-webpanel's CVEs are confirmed exploited in the wild.

Public exploits

34

34 of control-webpanel's CVEs have a known public exploit available.

Most affected products

The control-webpanel products with the most published CVEs.

webpanel85 CVEs
CentOS Web Panel39 CVEs
Control Web Panel4 CVEs
control_web_panel4 CVEs
Control Web Panel 71 CVEs

Common weakness types

The CWE weakness categories most often found in control-webpanel CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish control-webpanel CVE records.

Disclosure activity by year

How many control-webpanel CVEs were published each year.

2018

8

2019

25

2020

39

2021

2

2022

5

2023

1

2024

4

2025

1

Latest control-webpanel CVEs

The most recently disclosed vulnerabilities affecting control-webpanel.

Critical vulnerability · 2025-09-19
CISA KEV
CWE-78
Critical · CVSS 10.0
EPSS 67.4%2025-09-19
High vulnerability · 2024-05-03
CWE-78
High · CVSS 8.8
EPSS 1.3%2024-05-03
High vulnerability · 2024-05-03
CWE-78
High · CVSS 7.8
EPSS 0.2%2024-05-03
Control Web Panel Missing Authentication Remote Code Execution Vulnerability
CWE-306
Critical · CVSS 9.8
EPSS 1.2%2024-05-03
High vulnerability · 2024-05-03
CWE-78
High · CVSS 8.8
EPSS 1.8%2024-05-03
Critical vulnerability · 2023-01-05
CISA KEV
CWE-78
Critical · CVSS 10.0
EPSS 94.5%2023-01-05
Critical vulnerability · 2022-12-26
CWE-863
Critical · CVSS 9.8
EPSS 4.2%2022-12-26
Critical vulnerability · 2022-12-26
CWE-862
Critical · CVSS 9.8
EPSS 88.1%2022-12-26
Vulnerability vulnerability · 2022-07-07
Unscored
EPSS 16.2%2022-07-07
Vulnerability vulnerability · 2022-07-07
Unscored
EPSS 0.3%2022-07-07
Vulnerability vulnerability · 2022-07-07
Unscored
EPSS 4.1%2022-07-07
Vulnerability vulnerability · 2021-05-18
Unscored
EPSS 59.4%2021-05-18

Track new control-webpanel CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor control-webpanel CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

microsoft24,097 CVEs Linux19,131 CVEs google14,281 CVEs apple14,019 CVEs oracle10,440 CVEs debian10,201 CVEs IBM8,265 CVEs Adobe7,222 CVEs

Browse all vendors

Frequently asked questions

Common questions about control-webpanel vulnerabilities.

How many CVEs does control-webpanel have?

control-webpanel has 85 published CVE records since 2018, including 1 in the last two years.

How many control-webpanel CVEs are in CISA KEV?

Yes — 2 of control-webpanel's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which control-webpanel products have the most CVEs?

The control-webpanel products with the most published CVEs are webpanel, CentOS Web Panel, Control Web Panel, control_web_panel, Control Web Panel 7.

What are the most common weakness types in control-webpanel CVEs?

control-webpanel's CVEs most often map to these CWE weakness types: CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')), CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')), CWE-306 (Missing Authentication for Critical Function), CWE-749 (Exposed Dangerous Method or Function).

Are there public exploits for control-webpanel vulnerabilities?

Yes — 34 of control-webpanel's CVEs have a known public exploit.

How many critical control-webpanel vulnerabilities are there?

control-webpanel has 31 critical and 15 high-severity CVEs.

What is the average severity of control-webpanel CVEs?

The average CVSS base score across control-webpanel's scored CVEs is 9.1.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track control-webpanel vulnerabilities

Monitor new control-webpanel vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing