
122 matches found

Vulnrichment
added 2025/08/22 6:37 a.m. · 3 views

CVE-2025-57699

Western Digital Kitfox for Windows provided by Western Digital Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with the SYSTEM privilege...

8.4 CVSS · 8.1 AI score · 0.00155 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/05/22 6:47 p.m. · 4 views

CVE-2021-39913

Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges...

7.2 CVSS · 6.5 AI score · 0.00279 EPSS
Exploits 0 · References 1
CNNVD
added 2025/02/26 12:0 a.m. · 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an issue with the interaction of the wait_for_device_probe function with deferred_probe_timeout, which results in...

5.5 CVSS · 5.3 AI score · 0.00187 EPSS
Exploits 0 · References 6
RedhatCVE
added 2025/02/05 10:48 p.m. · 9 views

CVE-2022-36323

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell...

9.1 CVSS · 6.8 AI score · 0.01318 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 2:16 a.m. · 5 views

CVE-2024-24765

CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user...

9.8 CVSS · 6.9 AI score · 0.00971 EPSS
Exploits 1 · References 1
CNVD
added 2024/11/13 12:0 a.m. · 8 views

Injection Vulnerability in Multiple Siemens Products

SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 are industrial routers. An injection vulnerability exists in multiple Siemens products, which can be exploited by attackers to inject code or generate a system root shell...

8.6 CVSS · 7 AI score · 0.00648 EPSS
Exploits 0 · References 1
Cvelist
added 2024/11/12 12:50 p.m. · 14 views

CVE-2024-50572

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.2, SCALANCE...

8.6 CVSS · 0.00648 EPSS
Exploits 0 · References 2
CVE
added 2024/11/12 12:50 p.m. · 61 views

CVE-2024-50572

CVE-2024-50572 affects Siemens industrial devices (e.g., RUGGEDCOM RM1224 LTE, SCALANCE M family, S615, and related models) where an input field is not properly sanitized. This allows an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. The ...

8.6 CVSS · 6.8 AI score · 0.00648 EPSS
Exploits 0 · References 2 · Affected Software 1
NVD
added 2024/10/14 5:15 p.m. · 141 views

CVE-2024-45731

In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for...

8 CVSS · 0.00535 EPSS
Exploits 0 · References 2
CVE
added 2024/10/14 4:46 p.m. · 90 views

CVE-2024-45731

Summary: CVE-2024-45731 affects Splunk Enterprise for Windows prior to 9.3.1, 9.2.3, and 9.1.6. A low-privileged user (not admin/power roles) could write a file to the Windows system root (default System32 location) when Splunk is installed on a separate drive. Root cause / impact: arbitrary file...

8 CVSS · 7.8 AI score · 0.00535 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2024/10/14 4:46 p.m. · 23 views

CVE-2024-45731 Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk

In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for...

8 CVSS · 0.00535 EPSS
Exploits 0 · References 2
NVD
added 2024/07/18 11:15 p.m. · 20 views

CVE-2024-41111

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 prerelease is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user...

7.2 CVSS · 0.00704 EPSS
Exploits 0 · References 5
CVE
added 2024/07/18 10:11 p.m. · 59 views

CVE-2024-41111

CVE-2024-41111 affects Sliver 1.6.0 prerelease. The issue is remote code execution on the Sliver teamserver via a low‑privileged operator, executing as root. Exploitation relies on a command-injection in the generate msf-stager flow to inject flags into msfvenom and overwrite Sliver’s own Go bina...

7.2 CVSS · 7 AI score · 0.00704 EPSS
Exploits 0 · References 5
Vulnrichment
added 2024/05/14 10:2 a.m. · 10 views

CVE-2024-27943

A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.5. The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code...

7.2 CVSS · 7.5 AI score · 0.01258 EPSS
Exploits 0 · References 1
OSV
added 2024/04/10 8:15 p.m. · 1 views

CVE-2024-31819

An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component...

9.8 CVSS · 6.1 AI score · 0.15635 EPSS
Exploits 6 · References 4
Positive Technologies
added 2024/03/28 12:0 a.m. · 4 views

PT-2024-5038 · Wwbn · Wwbn Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 12.4 through 14.2 Description: The issue in WWBN AVideo is related to insufficient input validation in the submitIndex.php file of the WWBNIndex plugin, allowing a remote attacker to execute arbitrary code via the...

9.8 CVSS · 8.1 AI score · 0.15635 EPSS
Exploits 6 · References 18
NVD
added 2024/03/06 6:15 p.m. · 23 views

CVE-2024-24765

CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user...

9.8 CVSS · 7.5 AI score · 0.00971 EPSS
Exploits 1 · References 3
Vulnrichment
added 2024/03/06 5:31 p.m. · 13 views

CVE-2024-24765 CasaOS-UserService allows unauthorized access to any file

CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user...

7.5 CVSS · 7.2 AI score · 0.00971 EPSS
Exploits 1 · References 3
GitLab Advisory Database
added 2024/03/06 12:0 a.m. · 74 views

CasaOS-UserService allows unauthorized access to any file

Summary http://demo.casaos.io/v1/users/image?path=/var/lib/casaos/1/avatar.png Originally it was to get the url of the user's avatar, but the path filtering was not strict, making it possible to get any file on the system. Details Construct paths to get any file. Such as the CasaOS user database,...

9.8 CVSS · 6.8 AI score · 0.00971 EPSS
Exploits 1 · References 6 · Affected Software 1
Cvelist
added 2024/02/15 4:21 a.m. · 18 views

CVE-2024-25940 bhyveload(8) host file access

bhyveload -h may be used to grant loader access to the directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to , allowing the loader to read any file the host user has access to. In the bhyveload(8) model, the host supplies a userboot.so to...

6.4 AI score · 0.00506 EPSS
Exploits 0 · References 2