Lucene search

11 matches found

NVD
added 2026/06/18 7:16 p.m. · 11 views

CVE-2026-47833

setupBpmLogs follows symlink for bpm.log open and chown — container-to-host privilege escalation via /etc/shadow. A compromised process inside a bpm container can cause root to chown an arbitrary host file to vcap and append bpm JSON log lines to it. The chown alone lets the attacker take ownersh...

CVSS 6.9 · EPSS 0.00125
Exploits: 0 · References: 1

CVE
added 2026/06/18 6:30 p.m. · 20 views

CVE-2026-47833

The CVE-2026-47833 issue affects bpm-release (all versions prior to v1.4.30). A compromised process inside a bpm container can trigger setupBpmLogs to follow a symlink for bpm.log, then perform chown on a host file to the user vcap, enabling container-to-host privilege escalation via the host’s /...

CVSS 6.9 · AI score 5.5 · EPSS 0.00125
Exploits: 0 · References: 1

NVD
added 2026/03/16 8:16 p.m. · 5 views

CVE-2026-29516

Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions o...

CVSS 6.9 · EPSS 0.00513
Exploits: 0 · References: 2

Positive Technologies
added 2026/03/16 12:00 a.m. · 6 views

PT-2026-25798

Name of the Vulnerable Software and Affected Versions: Buffalo TeraStation NAS TS5400R versions 4.02-0.06 and earlier. Description: An excessive file permissions issue exists in Buffalo TeraStation NAS TS5400R. Authenticated attackers can read the /etc/shadow file by uploading and executing a PHP fi...

CVSS 6.9 · AI score 5.8 · EPSS 0.00513
Exploits: 0 · References: 6

CNNVD
added 2026/03/16 12:00 a.m. · 8 views

Buffalo TeraStation NAS TS5400R security vulnerability

The Buffalo TeraStation NAS TS5400R is a rack-mounted network attached storage device from the Japanese company Buffalo. Versions 4.02-0.06 and earlier of the Buffalo TeraStation NAS TS5400R contain security vulnerabilities. These vulnerabilities stem from improper file permission...

CVSS 6.9 · AI score 5.8 · EPSS 0.00513
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2002-2198

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.06043
Exploits: 1 · References: 6

EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2022-4931

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 5.7 · EPSS 0.0069
Exploits: 0 · References: 7

OSV
added 2025/05/30 2:15 p.m. · 3 views

DEBIAN-CVE-2025-4598

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the origina...

CVSS 4.7 · AI score 5.7 · EPSS 0.00641
Exploits: 1 · References: 1

GithubExploit
added 2024/10/28 9:54 p.m. · 80 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

CVE-2024-24919POC It's Proof of Concept on CVE-2024-24919-POC...

CVSS 8.6 · AI score 9 · EPSS 0.99978
Exploits: 52

CNNVD
added 2022/08/04 12:00 a.m. · 6 views

TOTOLINK A3600R trust management issue vulnerability

TOTOLINK A3600R is a 6-antenna 1200M wireless router from TOTOLINK China. A security vulnerability exists in TOTOLINK A3600R firmware V4.1.2cu.5182B20201102, which originates from the inclusion of the root password in /etc/shadow.sample. An attacker could exploi...

CVSS 9.8 · AI score 5.6 · EPSS 0.00876
Exploits: 1 · References: 3

Positive Technologies
added 2021/01/18 12:00 a.m. · 5 views

PT-2021-7656 · Asus · Asus Rt-Ac68U

Name of the Vulnerable Software and Affected Versions: ASUS RT-AC68U router firmware versions prior to 3.0.0.4.386.41634 Description: The issue is related to a SQL injection vulnerability in the Cloud Disk feature of the ASUS RT-AC68U router firmware. This vulnerability allows remote attackers to...

CVSS 7.8 · AI score 7.5 · EPSS 0.01
Exploits: 1 · References: 4