Lucene search
K

16 matches found

GithubExploit
GithubExploit
added 2026/06/16 7:39 a.m.63 views

Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin

CVE-2026-54420 Mitigation Toolkit !Licensehttps://img.shie...

8.5CVSS5.8AI score0.01261EPSS
Exploits3
GithubExploit
GithubExploit
added 2026/06/16 6:9 a.m.64 views

Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin

cve-id ⚡ Simple Usage Use this project only in safe and...

8.7CVSS5.5AI score0.03847EPSS
Exploits15
The Hacker News
The Hacker News
added 2026/06/16 5:41 a.m.9 views

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities KEV catalog, requiring Federal Civilian Executive Branch FCEB agencies to apply the fixes by June 18, 2026. The vulnerability in questi...

8.5CVSS5.5AI score0.01261EPSS
Exploits3
NVD
NVD
added 2026/06/14 4:16 a.m.25 views

CVE-2026-54420

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

8.5CVSS0.01261EPSS
Exploits3References3
Cvelist
Cvelist
added 2026/06/14 3:23 a.m.36 views

CVE-2026-54420

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

8.5CVSS0.01261EPSS
Exploits3References2
CVE
CVE
added 2026/06/14 3:23 a.m.255 views

CVE-2026-54420

CVE-2026-54420 is a symlink-following vulnerability in LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM Plugin before 5.3.2.0). A user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS can abuse improperly validated symbolic links to access or ...

8.5CVSS5.3AI score0.01261EPSS
In wildExploits3References3Affected Software2
VulnCheck KEV
VulnCheck KEV
added 2026/06/01 12:0 a.m.9 views

VulnCheck KEV: CVE-2026-54420

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

8.5CVSS5.3AI score0.01261EPSS
In wildExploits3References5
The Hacker News
The Hacker News
added 2026/05/23 7:35 a.m.21 views

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 CVSS score: 10.0, relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts...

10CVSS6.1AI score0.18914EPSS
Exploits1
NVD
NVD
added 2026/05/21 2:16 a.m.30 views

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

10CVSS0.18914EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/21 12:38 a.m.12 views

EUVD-2026-31204

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

10CVSS5.8AI score0.18914EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/21 12:38 a.m.58 views

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

10CVSS0.18914EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/21 12:38 a.m.12 views

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

10CVSS5.8AI score0.18914EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/21 12:38 a.m.10 views

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

10CVSS5.8AI score0.18914EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/05/21 12:38 a.m.42 views

CVE-2026-48172

The vulnerability CVE-2026-48172 affects LiteSpeed User-End cPanel Plugin prior to 2.4.5. The issue stems from mishandling of Redis enable/disable features, enabling privilege escalation (possibly to root). In-the-wild exploitation was reported in May 2026. Detection guidance is provided: run gre...

10CVSS5.8AI score0.18914EPSS
In wildExploits1References4Affected Software2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

LiteSpeed User-End cPanel Plugin 安全漏洞

The LiteSpeed User-End cPanel Plugin is an integrated management plugin for LiteSpeed server users, developed by LiteSpeed Corporation and designed to work within the cPanel environment. Versions of the LiteSpeed User-End cPanel Plugin prior to version 2.4.5 contained security vulnerabilities...

10CVSS6AI score0.18914EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/11/11 12:0 a.m.1 views

Acronis多款产品 安全漏洞

Acronis Backup plugin for cPanel & WHM Linux, etc. is a plugin from Acronis Switzerland. A security vulnerability exists in various Acronis products that stems from improper handling of symbolic links, resulting in arbitrary file overwrites during recovery. The following products and versions are...

5.5CVSS5.6AI score0.00196EPSS
Exploits0References3
Rows per page
Query Builder