cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).

cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104).

cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102).

cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101).

cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).

cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).

cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97).

cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96).

cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).

cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90).

cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89).

cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88).

GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c via crafted COBOL source code.

cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412).

cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411).

cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410).

cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).

cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).

cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401).

cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392).