Lucene search
K

28 matches found

GithubExploit
GithubExploit
added 2026/06/16 7:39 a.m.61 views

Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin

CVE-2026-54420 Mitigation Toolkit !Licensehttps://img.shie...

8.5CVSS5.8AI score0.01261EPSS
Exploits3
The Hacker News
The Hacker News
added 2026/06/16 5:41 a.m.9 views

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities KEV catalog, requiring Federal Civilian Executive Branch FCEB agencies to apply the fixes by June 18, 2026. The vulnerability in questi...

8.5CVSS5.5AI score0.01261EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/15 12:0 a.m.10 views

LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability

LiteSpeed cPanel plugin contains a UNIX symbolic link Symlink following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS...

8.5CVSS5.3AI score0.01261EPSS
In wildExploits3
NVD
NVD
added 2026/06/14 4:16 a.m.21 views

CVE-2026-54420

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

8.5CVSS0.01261EPSS
Exploits3References3
EUVD
EUVD
added 2026/06/14 3:23 a.m.12 views

EUVD-2026-36657

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

8.5CVSS5.3AI score0.01261EPSS
Exploits3References2
Cvelist
Cvelist
added 2026/06/14 3:23 a.m.36 views

CVE-2026-54420

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

8.5CVSS0.01261EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2026/06/14 3:23 a.m.7 views

CVE-2026-54420

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

8.5CVSS5.3AI score0.01261EPSS
Exploits3References2
CVE
CVE
added 2026/06/14 3:23 a.m.250 views

CVE-2026-54420

CVE-2026-54420 is a symlink-following vulnerability in LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM Plugin before 5.3.2.0). A user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS can abuse improperly validated symbolic links to access or ...

8.5CVSS5.3AI score0.01261EPSS
In wildExploits3References3Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.16 views

PT-2026-49104

Name of the Vulnerable Software and Affected Versions LiteSpeed cPanel plugin versions prior to 2.4.8 LiteSpeed WHM PlugIn versions prior to 5.3.2.0 Description A symlink-following flaw exists in the LiteSpeed cPanel plugin where the software mishandles symbolic links provided by a user. An...

8.5CVSS6AI score0.01261EPSS
Exploits3References48
VulnCheck KEV
VulnCheck KEV
added 2026/06/01 12:0 a.m.9 views

VulnCheck KEV: CVE-2026-54420

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

8.5CVSS5.3AI score0.01261EPSS
In wildExploits3References5
0day.today
0day.today
added 2024/01/29 12:0 a.m.514 views

CloudLinux CageFS 7.0.8-2 Insufficiently Restricted Proxy Command Vulnerability

CloudLinux CageFS versions 7.0.8-2 and below insufficiently restrict file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment. CloudLinux CageFS Insufficiently Restricted Proxy Command Link:...

4.4CVSS4.8AI score0.00378EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/01/26 12:0 a.m.447 views

CloudLinux CageFS 7.0.8-2 Insufficiently Restricted Proxy Command

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CloudLinux CageFS Insufficiently Restricted Proxy Command Link: https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02CloudLinuxCageFSInsufficientlyRestrictedProxyCommands Vulnerability Overview CloudLinux CageFS 7.0.8-2 or...

7.4AI score0.00378EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/01/26 12:0 a.m.963 views

CloudLinux CageFS 7.1.1-1 Token Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CloudLinux CageFS Token Disclosure Link: https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-01CloudLinuxCageFSTokenDisclosure Vulnerability Overview CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a...

7.4AI score0.00474EPSS
Exploits2
OSV
OSV
added 2024/01/22 3:15 p.m.3 views

CVE-2020-36772

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment...

4.4CVSS5.9AI score0.00378EPSS
Exploits3References4
NVD
NVD
added 2024/01/22 3:15 p.m.39 views

CVE-2020-36772

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment...

4.4CVSS4.7AI score0.00378EPSS
Exploits3References4
Prion
Prion
added 2024/01/22 3:15 p.m.16 views

Command injection

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files outside the CageFS environment in a limited way...

3.2CVSS6.7AI score0.00378EPSS
Exploits3References3Affected Software1
NVD
NVD
added 2024/01/22 2:15 p.m.27 views

CVE-2020-36771

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user...

7.8CVSS8AI score0.00474EPSS
Exploits2References4
OSV
OSV
added 2024/01/22 2:15 p.m.3 views

CVE-2020-36771

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user...

7.8CVSS6.2AI score0.00474EPSS
Exploits2References4
Prion
Prion
added 2024/01/22 2:15 p.m.15 views

Authentication flaw

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as command line argument. In some configurations this allows local users to view it via the process list and gain code execution as another user...

4.3CVSS7.8AI score0.00474EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/22 2:11 p.m.4 views

CVE-2020-36772

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment...

7AI score0.00378EPSS
Exploits3References4
Rows per page
Query Builder