mahfuzreham

2 exploits Active since Apr 2026

CVE-2026-54420 GITHUB HIGH shell SCANNER

Litespeed Technologies cPanel Plugin < 2.4.8 - UNIX Symbolic Link (Symlink) Following

LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.

CVSS 8.5

View Code

CVE-2026-41940 GITHUB CRITICAL shell SCANNER

cPanel and WHM Authentication Bypass via Login Flow

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

CVSS 9.8

View Code