webmin
DevTools & CI, oss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting Webmin.
- CVE-2026-56020: Webmin HTTP header authentication bypass (8.1)
- CVE-2026-56021: Webmin information disclosure via regex pattern (5.3)
- CVE-2026-56022: Webmin MFA bypass (5.3)
- CVE-2026-49102: Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type (e.g., text/plain). (6.1)
- CVE-2026-22678: Webmin < 2.641 Stored XSS via System and Server Status (5.4)
- CVE-2025-67738: squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to... (8.5)
- CVE-2025-61541: Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset link sent to users is constructed using the HTTP Host header via get_webmin_em... (7.1)
- CVE-2025-2774: Vulnerability in the Webmin server management web panel that allows an attacker to escalate their privileges (8.8)
- CVE-2015-2079: Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open. (9.9)
- CVE-2024-12828: Webmin CGI Command Injection Remote Code Execution Vulnerability (8.8)
- CVE-2024-44762: A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts. (5.3)
- BDU:2024-07259: Vulnerability in the Webmin hosting control panel, related to incorrect permissions and privileges, that allows an attacker to bypass existing security restrictions (5.4)
- CVE-2024-45692: Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000. (7.5)
- CVE-2024-36453: Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be ... (6.1)
- CVE-2024-36452: Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when a user views a ... (3.1)