Lucene search
K

3962 matches found

Nuclei
Nuclei
added yesterday90 views

cPanel < 11.109.9999.116 - Cross-Site Scripting

An issue was discovered in cPanel before 11.109.9999.116. Cross Site Scripting can occur on the cpsrvd error page via an invalid webcall ID. id: CVE-2023-29489 info: name: cPanel 11.109.9999.116 - Cross-Site Scripting author: DhiyaneshDk,0xKayala severity: medium description: | An issue was...

6.1CVSS6.5AI score0.65533EPSS
Exploits7References5
OSV
OSV
added 2026/07/06 2:16 a.m.3 views

UBUNTU-CVE-2026-14803

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6.5CVSS6AI score0.0033EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/06 1:34 a.m.9 views

EUVD-2026-41798

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6.5CVSS6AI score0.0033EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 9:45 a.m.3 views

OPENSUSE-SU-2026:21140-1 Security update for perl-Cpanel-JSON-XS

This update for perl-Cpanel-JSON-XS fixes the following issues: Changes in perl-Cpanel-JSON-XS: - updated to 4.420.0 4.42 see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes 4.42 2026-06-27 rurban - Ensure encode with a type spec hashref does not change the hashref argument GH 240 - Fix -e...

7.5CVSS6.2AI score0.00405EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/06/16 5:49 p.m.80 views

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940 ⚠ This tool is created solely for education...

9.8CVSS6.2AI score0.981EPSS
Exploits64
GithubExploit
GithubExploit
added 2026/06/16 7:39 a.m.75 views

Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin

CVE-2026-54420 Mitigation Toolkit !Licensehttps://img.shie...

8.5CVSS5.8AI score0.01261EPSS
Exploits3
GithubExploit
GithubExploit
added 2026/06/16 6:9 a.m.79 views

Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin

cve-id ⚡ Simple Usage Use this project only in safe and...

8.7CVSS5.5AI score0.03847EPSS
Exploits16
The Hacker News
The Hacker News
added 2026/06/16 5:41 a.m.12 views

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities KEV catalog, requiring Federal Civilian Executive Branch FCEB agencies to apply the fixes by June 18, 2026. The vulnerability in questi...

8.5CVSS5.5AI score0.01261EPSS
Exploits3
NVD
NVD
added 2026/06/14 4:16 a.m.28 views

CVE-2026-54420

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

8.5CVSS0.01261EPSS
Exploits3References3
CVE
CVE
added 2026/06/14 3:23 a.m.287 views

CVE-2026-54420

CVE-2026-54420 is a symlink-following vulnerability in LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM Plugin before 5.3.2.0). A user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS can abuse improperly validated symbolic links to access or ...

8.5CVSS5.3AI score0.01261EPSS
In wildExploits3References3Affected Software2
Cvelist
Cvelist
added 2026/06/14 3:23 a.m.59 views

CVE-2026-54420

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

8.5CVSS0.01261EPSS
Exploits3References2
NVD
NVD
added 2026/06/12 4:17 a.m.17 views

CVE-2026-47365

Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...

9.9CVSS0.00409EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 2:27 a.m.30 views

CVE-2026-47365

Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...

9.9CVSS0.00409EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 2:27 a.m.33 views

CVE-2026-47365

CVE-2026-47365 affects WordPress Toolkit (before 6.11.0) as used in cPanel & WHM. An argument injection flaw enables remote authenticated users to bypass cross-tenant authorization and run arbitrary wp-toolkit CLI commands as another account. The description and connected records confirm the affe...

9.9CVSS5.9AI score0.00409EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 2:27 a.m.12 views

CVE-2026-47365

Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...

9.9CVSS5.8AI score0.00409EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:27 a.m.27 views

EUVD-2026-36376

Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...

9.9CVSS5.9AI score0.00409EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/06 12:49 p.m.70 views

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940 - cPanel/WHM Authentication Bypass This reposi...

9.8CVSS6AI score0.981EPSS
Exploits64
GithubExploit
GithubExploit
added 2026/06/05 10:55 a.m.80 views

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940 — cPanel2Shell Interactive exploitation tool...

9.8CVSS6AI score0.981EPSS
Exploits64
Fedora
Fedora
added 2026/06/05 4:27 a.m.12 views

[SECURITY] Fedora 44 Update: perl-Cpanel-JSON-XS-4.41-1.fc44

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

7.5CVSS5.8AI score0.00361EPSS
Exploits0
Fedora
Fedora
added 2026/06/05 4:10 a.m.13 views

[SECURITY] Fedora 43 Update: perl-Cpanel-JSON-XS-4.41-1.fc43

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

7.5CVSS5.8AI score0.00361EPSS
Exploits0
Rows per page
Query Builder