CVE-2026-54420

Publié : 14 juin 2026

Modifié : 14 juin 2026

Score CVSS

8.5

HIGH

Description détaillée

LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Références et Patchs

https://blog.litespeedtech.com/2026/06/01/security-update-for-litespeed-cpanel-plugin-2/https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/cpanel

Dernières Vulnérabilités

CVE-2026-54421

In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information (such as iSCSI credentials). The PATCH outcome is a security issue; the POST outcome is not a security issue.

VOIR DÉTAILS

CVE-2026-12176

A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted element is an unknown function of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

VOIR DÉTAILS

CVE-2026-12175

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

VOIR DÉTAILS