CVE-2025-20284

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials coul...

CVE-2025-5478

Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The...

CVE-2025-6177

Privilege Escalation in MiniOS in Google ChromeOS 16063.45.2 and potentially others on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell VT3 console accessible through specific key combinations during developer mode entry and MiniOS access, even whe...

CVE-2025-6177

Privilege Escalation in MiniOS in Google ChromeOS 16063.45.2 and potentially others on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell VT3 console accessible through specific key combinations during developer mode entry and MiniOS access, even whe...

CVE-2025-6177 ChromeOS MiniOS Root Code Execution Bypass While Dev Mode Blocked

Privilege Escalation in MiniOS in Google ChromeOS 16063.45.2 and potentially others on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell VT3 console accessible through specific key combinations during developer mode entry and MiniOS access, even whe...

CVE-2025-6177

CVE-2025-6177 describes a local privilege-escalation in Google ChromeOS MiniOS, where a debug shell (VT3 console) is reachable via specific key combinations during developer mode entry and MiniOS access, allowing root code execution even when developer mode is blocked by policy or FWMP. Affected:...

CVE-2025-6177 ChromeOS MiniOS Root Code Execution Bypass While Dev Mode Blocked

Privilege Escalation in MiniOS in Google ChromeOS 16063.45.2 and potentially others on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell VT3 console accessible through specific key combinations during developer mode entry and MiniOS access, even whe...

Google ChromeOS 安全漏洞

Google ChromeOS is an operating system from the American company Google. Google ChromeOS suffers from an elevation of privilege vulnerability that originates from debug shell accessibility, which can be exploited by an attacker to access restricted system functions and data via elevation of...

CVE-2025-2766

70mai A510 Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of 70mai A510. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default...

CVE-2024-44141

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. A person with physical access to an unlocked Mac may be able to gain root code execution...

CVE-2023-28832

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1. The web based management of affected devices does not properly validate user input, making it susceptible to command injection. This could allow an authenticated privileged remote attacker to...

CVE-2023-27354

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The...

CVE-2023-27352

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue...

CVE-2019-9189

Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...

CVE-2019-7269

Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution...

CVE-2017-18400

cPanel before 68.0.15 allows local root code execution via cpdavd SEC-333...

📄 ABB Cylon FLXeon 9.3.5 siteGuide.js Authenticated Root Remote Code Execution

The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated remote root code execution via the /api/siteGuide endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the filename and/or originalname parameters. The issue arises due to improper...

Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)

Overview In April of 2025, Rapid7 discovered and disclosed three new vulnerabilities affecting SonicWall Secure Mobile Access “SMA” 100 series appliances SMA 200, 210, 400, 410, 500v. These vulnerabilities are tracked as CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821. An attacker with access ...

CVE-2025-2763

CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this...

CVE-2024-13861

A code injection vulnerability in the Debian package component of Taegis Endpoint Agent Linux versions older than 1.3.10 allows local users arbitrary code execution as root. Redhat-based systems using RPM packages are not affected...