3956 matches found
EUVD-2026-41798
Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...
cPanel < 11.109.9999.116 - Cross-Site Scripting
An issue was discovered in cPanel before 11.109.9999.116. Cross Site Scripting can occur on the cpsrvd error page via an invalid webcall ID. id: CVE-2023-29489 info: name: cPanel 11.109.9999.116 - Cross-Site Scripting author: DhiyaneshDk,0xKayala severity: medium description: | An issue was...
Astra Linux – Vulnerability in libcpanel-json-xs-perl
Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow that causes a segfault when parsing crafted JSON, allowing for denial-of-service attacks or other unspecified impacts...
Exploit for Missing Authentication for Critical Function in Cpanel
CVE-2026-41940 ⚠ This tool is created solely for education...
Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin
CVE-2026-54420 Mitigation Toolkit !Licensehttps://img.shie...
Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin
cve-id ⚡ Simple Usage Use this project only in safe and...
CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation
The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities KEV catalog, requiring Federal Civilian Executive Branch FCEB agencies to apply the fixes by June 18, 2026. The vulnerability in questi...
CVE-2026-54420
LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...
CVE-2026-54420
LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...
CVE-2026-54420
CVE-2026-54420 is a symlink-following vulnerability in LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM Plugin before 5.3.2.0). A user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS can abuse improperly validated symbolic links to access or ...
CVE-2026-47365
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...
CVE-2026-47365
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...
EUVD-2026-36376
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...
CVE-2026-47365
CVE-2026-47365 affects WordPress Toolkit (before 6.11.0) as used in cPanel & WHM. An argument injection flaw enables remote authenticated users to bypass cross-tenant authorization and run arbitrary wp-toolkit CLI commands as another account. The description and connected records confirm the affe...
CVE-2026-47365
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...
Exploit for Missing Authentication for Critical Function in Cpanel
CVE-2026-41940 - cPanel/WHM Authentication Bypass This reposi...
Exploit for Missing Authentication for Critical Function in Cpanel
CVE-2026-41940 — cPanel2Shell Interactive exploitation tool...
[SECURITY] Fedora 44 Update: perl-Cpanel-JSON-XS-4.41-1.fc44
This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...
[SECURITY] Fedora 43 Update: perl-Cpanel-JSON-XS-4.41-1.fc43
This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...
Fedora 44 : perl-Cpanel-JSON-XS (2026-0a82e80353)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0a82e80353 advisory. This update addresses a number of bugs including these security issues: Fix BOM-shift PV-corruption SIGABRT CVE-2026-9516 Fix dupkeysasarrayref type...