Lucene search
K

106 matches found

RedhatCVE
RedhatCVE
added 2026/03/06 1:34 a.m.6 views

CVE-2026-29123

A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting IDC SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symli...

8.6CVSS6.1AI score0.00127EPSS
Exploits1References1
NVD
NVD
added 2026/03/05 10:16 p.m.7 views

CVE-2026-29610

OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution...

8.8CVSS0.00465EPSS
Exploits0References3
OSV
OSV
added 2026/03/05 10:16 p.m.5 views

CVE-2026-29610

OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution...

8.8CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 2026/03/05 10:0 p.m.7 views

EUVD-2026-9934

OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution...

7.8CVSS6.3AI score0.00465EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/05 10:0 p.m.5 views

CVE-2026-29610

OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution...

7.8CVSS6.3AI score0.00465EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/05 10:0 p.m.28 views

CVE-2026-29610 OpenClaw < 2026.2.14 - Command Hijacking via Unsafe PATH Handling

OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution...

8.8CVSS0.00465EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/05 3:31 a.m.7 views

EUVD-2026-9515

A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting IDC SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symli...

8.6CVSS6.1AI score0.00127EPSS
Exploits1References2
CVE
CVE
added 2026/03/05 1:18 a.m.14 views

CVE-2026-29123

CVE-2026-29123 affects a SUID root-owned binary at /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux. The issue enables local privilege escalation through execution of the affected SUID binary, with attack methods including PATH hijacking, symlink abuse, or shared ...

8.6CVSS6.1AI score0.00127EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/05 1:18 a.m.3 views

CVE-2026-29123

A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting IDC SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symli...

8.6CVSS6.1AI score0.00127EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/05 1:18 a.m.38 views

CVE-2026-29123 Multiple SUID Root Binaries in `xd` User Home Directory Leading to Potential Local Privilege Escalation

A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting IDC SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symli...

8.6CVSS0.00127EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/05 1:18 a.m.6 views

CVE-2026-29123 Multiple SUID Root Binaries in `xd` User Home Directory Leading to Potential Local Privilege Escalation

A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting IDC SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symli...

8.6CVSS6.1AI score0.00127EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.10 views

PT-2026-23100

Name of the Vulnerable Software and Affected Versions International Data Casting IDC SFX2100 affected versions not specified Description A SUID root-owned binary located in /home/xd/terminal/XDTerminal allows a local actor to potentially perform local privilege escalation depending on system...

8.6CVSS5.9AI score0.00127EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2026/03/04 12:28 a.m.3 views

SUSE CVE-2026-24051

OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...

7CVSS6AI score0.00157EPSS
Exploits0References4
OSV
OSV
added 2026/02/19 5:28 p.m.9 views

GO-2026-4394 OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking in go.opentelemetry.io/otel/sdk

OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking in go.opentelemetry.io/otel/sdk...

7CVSS5.6AI score0.00157EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.8 views

PT-2026-20923

Name of the Vulnerable Software and Affected Versions Splunk Enterprise for Windows versions prior to 10.2.0 Splunk Enterprise for Windows versions prior to 10.0.3 Splunk Enterprise for Windows versions prior to 9.4.8 Splunk Enterprise for Windows versions prior to 9.3.9 Splunk Enterprise for...

5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.7 views

PT-2026-20924

Splunk Enterprise Windows flaws CVSS 7.7 CVE-2026-20143 & CVE-2026-20140 allow system takeover via DLL and Python search path hijacking. Patch immediately. Splunk CyberSecurity InfoSec WindowsSecurity DLLHijacking LPE PatchNow https://t.co/wudRkJ9tIM...

5.4AI score
Exploits0References1
Cvelist
Cvelist
added 2026/02/06 4:41 p.m.27 views

CVE-2019-25266 Wondershare Application Framework Service 2.4.3.231 - 'WsAppService' Unquote Service Path

Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific directory...

8.5CVSS0.00129EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/03 9:19 p.m.5 views

CVE-2026-24051

OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...

7CVSS5.7AI score0.00157EPSS
Exploits0References1
OSV
OSV
added 2026/02/02 11:16 p.m.6 views

AZL-76449 CVE-2026-24051 affecting package cri-o 1.30.1-1

OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...

7CVSS7.5AI score0.00157EPSS
Exploits0References1
OSV
OSV
added 2026/02/02 11:16 p.m.5 views

AZL-76443 CVE-2026-24051 affecting package azl-otel-collector 0.127.0-1

OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...

7CVSS7.3AI score0.00157EPSS
Exploits0References1
Rows per page
Query Builder