CVE-2026-31979: The Symlink Trap — Root Privilege Escalation in Himmelblau

...

CVE-2026-24063 World-writable uninstall script executed as root in Arturia Software Center

When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...

International Datacasting SFX2100 SuperFlex Satellite Receiver 安全漏洞

The International Datacasting SFX2100 SuperFlex Satellite Receiver is a professional broadcast-grade satellite signal receiving device developed by the International Datacasting company. The SFX2100 SuperFlex Satellite Receiver has a security vulnerability, which stems from the presence of binary...

EUVD-2025-208241

Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files...

CVE-2025-63909

Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files...

📄 Qualcomm CVP Kernel Driver Pointer Disclosure / Privilege Escalation

This advisory describes a local privilege escalation vulnerability affecting the Qualcomm CVP kernel driver msmcvp, exposed through the /dev/cvp device node on Android systems using Qualcomm SoCs. The vulnerability originates from an improperly obfuscated kernel pointer returned to user space as ...

CVE-2026-20610

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges...

Crontab Privilege Escalation

Two group crontab to root privilege separation bypasses were found. This is older research from 2017 that was missing from the archive...

CVE-2026-20098 Cisco Meeting Management Arbitrary File Upload Vulnerability

A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. This vulnerability is due to improper input validation in...

Cisco Unified Communications Products Remote Code Execution Vulnerability

A vulnerability in Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could...

CVE-2018-9105

NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability. The vulnerability stems from its privileged helper tool's implemented XPC service. This XPC service is responsible for receiving and processing new OpenVPN connection requests from the main application. Unfortunately...

CVE-2021-28249

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is ru...

CVE-2021-22386

A component of the Huawei smartphone has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevation of Privileges...

CVE-2020-7468

In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a ftpd8 bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the...

Exploit for Deserialization of Untrusted Data in Apache Activemq

Broker Machine Pentesting Report Target & Overview - Mac...

CVE-2025-69257 theshit vulnerable to unsafe loading of user-owned Python rules when running as root.

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when...

📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Root Privilege Escalation

A critical privilege escalation vulnerability exists in Ilevia EVE X1/X5 Server versions 4.7.18.0.eden and below. This is a proof of concept exploit written in PHP...

CVE-2025-66429

The CVE-2025-66429 issue affects cPanel versions 110–132, where a directory traversal in the Team Manager API can overwrite arbitrary files, enabling privilege escalation to root. Documented impact is high (CVE score 8.8). Exploitation status isn’t provided in the sources. Remediation guidance ap...

PT-2025-50728

Name of the Vulnerable Software and Affected Versions cPanel versions 110 through 132 Description A directory traversal issue exists within the Team Manager API. This allows for the overwriting of arbitrary files, potentially leading to privilege escalation to the root user. Recommendations Updat...

GHSA-QWCC-2R77-5W2F sd changes the group ownership of the source file

An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command...