76 matches found
CVE-2025-34323 Nagios Log Server < 2026R1.0.1 Local Privilege Escalation via Writable Scripts and Sudo Rules
Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to...
EUVD-2018-0271
Malware in sbrugna...
EUVD-2014-9211
Malware in sbrugna...
EUVD-2019-8121
Malware in sbrugna...
EUVD-2018-20925
Malware in sbrugna...
EUVD-2020-19897
Malware in sbrugna...
EUVD-2010-2434
Malware in sbrugna...
EUVD-2019-17802
Malware in sbrugna...
EUVD-2005-0443
Malware in sbrugna...
EUVD-2018-10313
Malware in sbrugna...
EUVD-2012-3302
Malware in sbrugna...
EUVD-2008-1960
Malware in sbrugna...
EUVD-2002-0792
Malware in sbrugna...
EUVD-2025-7316
Malicious code in bioql PyPI...
EUVD-2022-5242
Malicious code in bioql PyPI...
PT-2025-32178 · Qcms · Qcms
Name of the Vulnerable Software and Affected Versions: QCMS version 6.0.5 Description: A vulnerability allows authenticated users to read arbitrary files from the server due to insufficient validation of the Name parameter in the backend template editor. Attackers can manipulate this parameter to...
Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access
Due to a path validation flaw using prefix matching instead of canonical path comparison, it was possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of or ability to create a directory with the same prefix as the CWD and the...
CVE-2025-25011
An uncontrolled search path element vulnerability can lead to local privilege escalation (LPE) via insecure directory permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files,...
CVE-2025-0712
CVE-2025-0712 concerns Elastic APM Server on Windows and its installer. A local attacker could exploit an uncontrolled search path element caused by insecure directory permissions during Windows installer usage, enabling local privilege escalation to SYSTEM. Affected: APM Server Windows installer...
A vulnerability in the CSV file processor of the Django web development platform allows an attacker to execute arbitrary code.
The vulnerability in the CSV file processor of the Django web application development platform is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to inject arbitrary code by introducing it into a specially crafted CSV...