Lucene search
K

1372 matches found

Cvelist
Cvelist
added 2026/04/08 1:55 p.m.21 views

CVE-2025-58713 Rhpam: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected containe...

6.4CVSS0.00145EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/08 1:55 p.m.21 views

CVE-2025-57847 Ansible-automation-platform: privilege escalation via excessive group writable /etc/passwd permissions

A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions during the build process. In certain conditions, an attacker who can execute commands within an affected...

6.4CVSS0.00147EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.7 views

PT-2026-31310

A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected containe...

6.4CVSS6.1AI score0.00113EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/07 4:34 p.m.3 views

CVE-2025-14821

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an...

7.8CVSS6.5AI score0.00129EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/04/06 11:24 p.m.7 views

SUSE CVE-2026-33027

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operati...

6.9CVSS5.7AI score0.00397EPSS
Exploits1References3
Exploit DB
Exploit DB
added 2026/04/06 12:0 a.m.151 views

WordPress Madara - Local File Inclusion

Exploit Title: WordPress Madara Local File Inclusion Date: November 1, 2025 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: WordPress Theme Madara Software Link: WordPress Theme Madara Tested on: OS / PHP / WordPress versions used in testing — e.g., Ubuntu 22.04, PHP 8.1, WP 6.4 CVE:...

9.8CVSS7.2AI score0.09094EPSS
Exploits5
NVD
NVD
added 2026/03/30 6:16 p.m.20 views

CVE-2026-33027

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operati...

6.9CVSS0.00397EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.4 views

PT-2026-29088

Name of the Vulnerable Software and Affected Versions Nginx UI versions prior to 2.3.4 Description Nginx UI improperly handles URL-encoded traversal sequences in its configuration, potentially leading to a partial Denial of Service. Specifically, specially crafted paths can cause the backend to...

7.5CVSS6AI score0.38477EPSS
Exploits11References46
SUSE CVE
SUSE CVE
added 2026/03/28 6:29 p.m.10 views

SUSE CVE-2026-0394

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...

5.3CVSS5.7AI score0.00427EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.8 views

Open-Xchange OX Dovecot Pro 安全漏洞

Open-Xchange OX Dovecot Pro is an email storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a security vulnerability, which stems from the use of passwd files for each domain. This configuration allows for path traversal attacks, potentially...

5.3CVSS5.8AI score0.00427EPSS
Exploits1References1
NVD
NVD
added 2026/03/22 2:16 p.m.7 views

CVE-2019-25610

NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../ sequences to...

7.1CVSS0.00622EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/16 9:34 p.m.7 views

EUVD-2026-12494

Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions o...

6.9CVSS5.8AI score0.00513EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/16 7:7 p.m.2 views

CVE-2026-29516 Buffalo TeraStation TS5400R Excessive File Permissions Information Disclosure

Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions o...

6.9CVSS5.8AI score0.00513EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.8 views

Red Hat Openshift Data Foundation 安全漏洞

Red Hat Openshift Data Foundation is a software-defined storage platform developed by Red Hat Inc. There is a security vulnerability in Red Hat Openshift Data Foundation 4. This vulnerability stems from the /etc/passwd file, which was created during construction and has write permissions for...

6.4CVSS5.9AI score0.00165EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2026/03/12 12:0 a.m.8 views

VulnCheck KEV: CVE-2019-12314

Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.WMCS/ PATHINFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.WMCS/etc/passwd URI...

9.8CVSS5.8AI score0.8422EPSS
In wildExploits6References9
EUVD
EUVD
added 2026/03/05 3:31 a.m.7 views

EUVD-2026-9514

International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS6AI score0.00139EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/03 9:36 p.m.12 views

OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL

Summary shell-env fallback trusted prefix-based executable paths for $SHELL, allowing execution of attacker-controlled binaries in local/runtime-env influence scenarios. Details In affected versions, shell selection accepted either: 1. a shell listed in /etc/shells, or 2. any executable under...

7.8CVSS6.1AI score0.00125EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2019-25355

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal...

8.7CVSS7.1AI score0.01206EPSS
Exploits1References2
OSV
OSV
added 2026/02/18 10:16 p.m.4 views

DEBIAN-CVE-2019-25355

gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal...

7.5CVSS5.6AI score0.01206EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/02/18 10:16 p.m.7 views

CVE-2019-25355

gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal...

8.7CVSS7.2AI score0.01206EPSS
Exploits1References5
Rows per page
Query Builder