cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120).

cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119).

cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118).

cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107).

cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).

cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104).

cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102).

cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101).

cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).

cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).

cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97).

cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96).

cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).

cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90).

cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89).

cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88).

cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108).

cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377).

cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376).

cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375).