- How many CVEs does cpanel have?
- cpanel has 429 published CVE records since 2003, including 2 in the last two years.
- How many cpanel CVEs are in CISA KEV?
- Yes — 1 of cpanel's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which cpanel products have the most CVEs?
- The cpanel products with the most published CVEs are cpanel, webhost manager, cgiecho, cgiemail, whm.
- What are the most common weakness types in cpanel CVEs?
- cpanel's CVEs most often map to these CWE weakness types: CWE-125 (Out-of-bounds Read), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')), CWE-276 (Incorrect Default Permissions), CWE-306 (Missing Authentication for Critical Function).
- Are there public exploits for cpanel vulnerabilities?
- Yes — 30 of cpanel's CVEs have a known public exploit.
- How many critical cpanel vulnerabilities are there?
- cpanel has 22 critical and 106 high-severity CVEs.
- What is the average severity of cpanel CVEs?
- The average CVSS base score across cpanel's scored CVEs is 6.1.