Vulnerabilities in WebPros

14 results
CVE-2026-41940 | CRITICAL | WebPros cPanel and WHM Authentication Bypass via Login Flow | EPSS 98.1% | KEV
CVE-2026-29205 | HIGH | Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment downloa | EPSS 7.2%
CVE-2026-29202 | MEDIUM | Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the al | EPSS 0.8%
CVE-2026-44962 | CRITICAL | Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolat | EPSS 0.7%
CVE-2026-29203 | MEDIUM | A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system fil | EPSS 0.5%
CVE-2026-29201 | HIGH | Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a rela | EPSS 0.4%
CVE-2026-47365 | CRITICAL | Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cro | EPSS 0.4%
CVE-2026-29204 | CRITICAL | Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` | EPSS 0.3%
CVE-2026-32999 | CRITICAL | Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute | EPSS 0.3%
CVE-2026-29206 | HIGH | Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root user if Slow Query | EPSS 0.3%
CVE-2026-32993 | HIGH | Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows unauthenticated attacker to inject ar | EPSS 0.3%
CVE-2026-29200 | CRITICAL | A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerabilit | EPSS 0.3%
CVE-2026-32992 | HIGH | SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture | EPSS 0.3%
CVE-2026-32991 | HIGH | Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account. | EPSS 0.2%