CVE-2026-41054

A flaw was found in haveged. The sockethandler function, responsible for handling connections to the abstract UNIX socket, incorrectly proceeds with execution even after detecting that a connecting user is not root. This oversight allows a local unprivileged user to bypass security checks and...

ALPINE-CVE-2026-41054

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root cred.uid != 0 and prepares a negative acknowledgement ASCIINAK, it fails to stop execution. The code proceeds...

PT-2026-37314

Name of the Vulnerable Software and Affected Versions ciguard versions 0.1.0 through 0.8.1 Description The ghcr.io/jo-jo98/ciguard container image inherits the default root user because the Dockerfile lacks a USER directive. As a static analyser, ciguard does not require root privileges. Running ...

PT-2026-37272

Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2022-07-24T01-54-52Z through RELEASE.2025-09-07T16-13-09Z Description A path traversal issue in the ReadMultiple internode storage-REST endpoint allows an attacker with the cluster root JWT to read files outside the...

CVE-2025-57854

A container privilege escalation flaw was found in certain OpenShift Update Service OSUS images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, ev...

CVE-2025-57854

The CVE-2025-57854 issue affects OpenShift Update Service (OSUS) images where the /etc/passwd file is created with group-writable permissions during build. Under certain conditions, a non-root user who can run commands in an affected container could leverage membership in the root group to modify...

CVE-2025-57851 Mce: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected containe...

CVE-2026-27208

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...

PT-2026-21954

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Controller affected versions not specified Cisco Catalyst SD-WAN Manager affected versions not specified Description A flaw in the peering authentication mechanism of Cisco Catalyst SD-WAN Controller and Manager allows an...

CVE-2026-27208

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...

CVE-2026-27208 api-gateway-deploy Affected by Exploitable Command Injection via Unprivileged Root Execution

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...

CVE-2026-27208 api-gateway-deploy Affected by Exploitable Command Injection via Unprivileged Root Execution

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...

CVE-2026-27208

Bleon-ethical/api-gateway-deploy is affected in v1.0.0 by OS Command Injection and Privilege Escalation that can grant root privileges inside the container, potentially enabling container escape and unauthorized infra changes. The issue is fixed in v1.0.1 through: (1) strict input sanitization an...

CVE-2026-27208 api-gateway-deploy Affected by Exploitable Command Injection via Unprivileged Root Execution

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...

PT-2026-21750

Name of the Vulnerable Software and Affected Versions bleon-ethical/api-gateway-deploy version 1.0.0 Description The software is susceptible to an attack chain involving OS Command Injection and Privilege Escalation. Successful exploitation allows an attacker to execute arbitrary commands with ro...

CVE-2025-9615 Networkmanager: networkmanager file access

A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added t...

CVE-2018-4006

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An attacker wou...

CVE-2025-20358

A vulnerability in the Contact Center Express CCX Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authenticatio...

EUVD-2025-37891

A vulnerability in the Contact Center Express CCX Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authenticatio...

EUVD-2025-37351

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to execution with unnecessary privileges...