CVE-2025-5088

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...

CVE-2025-68716

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH service enabled by default on the LAN interface. The root account is configured with no password, and administrators cannot disable SSH or enforce authentication via the CLI or web GUI. This allows any LAN-adjacent attacker to...

CVE-2025-57852

A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...

New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions

Cybersecurity researchers have uncovered two local privilege escalation LPE flaws that could be exploited to gain root privileges on machines running major Linux distributions. The vulnerabilities, discovered by Qualys, are listed below - CVE-2025-6018 - LPE from unprivileged to allowactive in...

IntelliNet 2.0 Remote Root Exploit

Zero day remote root exploit for IntelliNet version 2.0. It affects multiple devices of AES Corp and Siemens. The exploit provides a remote shell and escalates your permissions to full root permissions by abusing execsuid. No authentication needed at all, neither any interaction from the victim...

Anevia Flamingo XL 3.2.9 Remote Root Jailbreak Vulnerability

Anevia Flamingo XL 3.2.9 login Remote Root Jailbreak Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.2.9 Hardware revision 1.0 SoapLive 2.0.3 Summary: Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and corporate markets. Flamingo XL...

Anevia Flamingo XL 3.2.9 Remote Root Jailbreak

Anevia Flamingo XL 3.2.9 login Remote Root Jailbreak Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.2.9 Hardware revision 1.0 SoapLive 2.0.3 Summary: Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and corporate markets. Flamingo XL...

Input validation

A vulnerability in Cisco access points AP software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker...

GNU Hurd has an unspecified vulnerability (CNVD-2021-100615)

Gnu Hurd is a Gnu Project replacement for the Unix kernel. Used to implement the file system, network protocols, file access control, and other features implemented by the Unix kernel or similar kernels such as Linux, GNU Hurd has a security vulnerability that could be exploited by an attacker to...

Design/Logic Flaw

An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root...

Privilege escalation

An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access...

CVE-2021-43411

An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root...

RUSTSEC-2021-0101 Permissions bypass in pleaser

Failure to normalize the umask in pleaser before 0.4 allows a local attacker to gain full root privileges if they are allowed to execute at least one command...

CVE-2021-31154

pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack...

CVE-2020-27187

An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcoreexternalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related...

CVE-2020-27187

An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcoreexternalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related...

OpenBSD 6.x - Dynamic Loader Privilege Escalation

Qualys Security Advisory Local Privilege Escalation in OpenBSD's dynamic loader CVE-2019-19726 ============================================================================== Contents ============================================================================== Summary Analysis Demonstration...

CVE-2019-12690 Cisco Firepower Management Center Command Injection Vulnerability

A vulnerability in the web UI of the Cisco Firepower Management Center FMC could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. The vulnerability is due to insufficient validation of...

CVE-2017-1119

IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted request to cause an error message to be returned containing the full root path. An attacker could use this information to launch further attack...

CVE-2018-17208

Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface. This occurs because shell...