4594 matches found
CVE-2026-23741 ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the conten...
CVE-2026-2000
A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function applyconfig of the file /function/system/basic/bridgecfg.php of the component Web Management Backend. Performing a manipulation of the argument iplist results in command injection. The attack is possible to be...
Fortinet FortiOS Security Vulnerability
Fortinet FortiOS is a security operating system developed by the American company Fortinet, specifically designed for use on the FortiGate network security platform. This system offers users various security features, including firewalls, antivirus protection, IPSec/SSLVPN, web content filtering,...
EUVD-2023-48033
EVE's Debug Functions Unlockable Without Triggering Measured Boot...
CVE-2026-25145 melange has a path traversal in license-path which allows reading files outside workspace
melange allows users to build apk packages using declarative pipelines. From version 0.14.0 to before 0.40.3, an attacker who can influence a melange configuration file (e.g., through pull request-driven CI or build-as-a-service scenarios) could read arbitrary files from the host system. The...
openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand
A flaw was found in OpenSSH where control characters in usernames were not properly validated when sourced from untrusted inputs like the command line or configuration expansion. If a ProxyCommand is used, these control characters could modify command behavior, potentially leading to code executi...
CVE-2026-22229
A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2 and Deco BE25 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device,...
Security update for logback
This update for logback fixes the following issues: CVE-2026-1225: ACE vulnerability in configuration file (bsc#1257094). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command liste...
SUSE-SU-2026:0361-1 Security update for logback
This update for logback fixes the following issues: - CVE-2026-1225: ACE vulnerability in configuration file (bsc#1257094)...
CVE-2025-13176
Planting a custom configuration file in ESET Inspect Connector allows loading a malicious DLL...
PsySH has Local Privilege Escalation via CWD .psysh.php auto-load
Summary: PsySH automatically loads and executes a .psysh.php file from the Current Working Directory (CWD) on startup. If an attacker can write to a directory that a victim later uses as their CWD when launching PsySH, the attacker can trigger arbitrary code execution in the victim's context. When t...
CVE-2025-13176 Local privilege escalation in ESET Inspect Connector for Windows
Planting a custom configuration file in ESET Inspect Connector allows loading a malicious DLL...
CVE-2025-13176
CVE-2025-13176 affects the Windows component of ESET Inspect Connector. The issue is described as a local privilege escalation where a specially crafted configuration file allows loading a malicious DLL, enabling potential code execution with elevated privileges. Documented impact indicates loca...
EUVD-2025-206582
Planting a custom configuration file in ESET Inspect Connector allows loading a malicious DLL...
PT-2026-5395
Name of the Vulnerable Software and Affected Versions: ESET Inspect Connector versions prior to 3.0.5765. Description: The ESET Inspect Connector is susceptible to a local privilege escalation. Planting a custom configuration file allows the loading of a malicious DLL. The ElConnector.exe process,...
MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10667)
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input in config.php. An attacker can exploit this vulnerability to...