CVE-2026-33727

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.4 has a local privilege-escalation vulnerability allows code execution as root from the low-privilege pihole account. Important context: the pihole account uses nologin, so this is not a direct...

EUVD-2024-55535

Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service. Attackers can invoke the installFromPath:toPath:withReply: method to overwrite...

CVE-2026-33727

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.4 has a local privilege-escalation vulnerability allows code execution as root from the low-privilege pihole account. Important context: the pihole account uses nologin, so this is not a direct...

CVE-2024-14032

Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service. Attackers can invoke the installFromPath:toPath:withReply: method to overwrite...

CVE-2026-33727

Pi-hole 6.4 contains a local privilege escalation: attacker-controlled content in /etc/pihole/versions can be sourced by root-run Pi-hole scripts, enabling root code execution from the pihole user (nologin but not preventing code execution). The issue arises in a post-compromise scenario and is f...

EUVD-2026-19291

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.4 has a local privilege-escalation vulnerability allows code execution as root from the low-privilege pihole account. Important context: the pihole account uses nologin, so this is not a direct...

Pi-hole 安全漏洞

Pi-hole is a web-level ad blocking application developed by Pi-hole Inc. Version 6.4 of Pi-hole contains a security vulnerability that stems from an increase in local privileges, potentially allowing root code to be executed from a low-privilege account...

CVE-2026-20097

CVE-2026-20097 affects the web-based management interface of Cisco IMC. An authenticated admin could trigger arbitrary code execution as root due to improper validation of user-supplied input, by sending crafted HTTP requests to the device. The impact is execution of code on the underlying OS as ...

(Pwn2Own) QNAP QHora-322 ip6_wanifset Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass firewall rules on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of firewall rules. The issue results from failing to...

NoMachine External Control of File Path Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of command li...

CVE-2026-25770

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The wazuh-clusterd service allows authenticated...

CVE-2026-33201

Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges...

CVE-2026-33201

The Digital Photo Frame GH-WDF10A from GREEN HOUSE CO., LTD. contains an active debug code vulnerability. Exploitation can read/write files or configurations on the device, or arbitrarily execute files with root privileges. CVSS data from the connected CVE entry indicates high impact on confident...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : systemd vulnerabilities (USN-8119-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8119-1 advisory. It was discovered that systemd incorrectly handled certain cgroup paths. A local attacker could possibly use this issue to cause systemd to...

Ubuntu: Security Advisory (USN-8119-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-8119-2: systemd vulnerabilities

USN-8119-1 fixed vulnerabilities in systemd. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that systemd incorrectly handled certain cgroup paths. A local attacker could...

USN-8119-2 systemd vulnerabilities

USN-8119-1 fixed vulnerabilities in systemd. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that systemd incorrectly handled certain cgroup paths. A local attacker could...

USN-8119-1 systemd vulnerabilities

It was discovered that systemd incorrectly handled certain cgroup paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. CVE-2026-29111 It was discovered that the systemd udev component incorrectly handled certain fields received from th...

USN-8119-1: systemd vulnerabilities

It was discovered that systemd incorrectly handled certain cgroup paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. CVE-2026-29111 It was discovered that the systemd udev component incorrectly handled certain fields received from th...

Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability

Cisco Secure Firewall Management Center FMC Software and Cisco Security Cloud Control SCC Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root...