44 matches found
Vite Dev Server - Directory Traversal
Vite is a modern frontend build tool. In Vite prior to versions 6.4.3, 6.3.4, and 5.4.23, a directory traversal vulnerability affects the Vite development server. When the Vite dev server is launched with the --host or server.host option, an unauthenticated attacker can craft a request with a pat...
GHSA-4GP8-RJRQ-CH6Q link-preview-js vulnerable to IPv6 and internal loopback attacks
Impact The library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. Patches Problem has been patched in version 4.0.1. However, it cannot be completely solved by the package alone. T...
PT-2026-37304
Name of the Vulnerable Software and Affected Versions Link Preview JS versions prior to 4.0.1 Description The library fails to check for IPv6 loopback attacks and is susceptible to DNS attacks where an address can be resolved into an internal IP. These issues may lead to internal data leaks...
sudo security update
1.9.5p2-1.0.1.el810.5 - Fixes sudo -s unclosed sessions when usepty option used Orabug: 36952911 1.9.5p2-1.5 RHEL 8.10.0.Z ERRATUM - CVE-2026-35535 - Privilege escalation due to failure in privilege drop calls Resolves: RHEL-166060 1.9.5p2-1.3 RHEL 8.10.0.Z ERRATUM - sudo passes SHELL environment...
EUVD-2026-18601
Command injection vulnerability in console.runmodulewithoutput in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...
AlmaLinux 10 : sudo (ALSA-2025:11537)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:11537 advisory. sudo: LPE via host option CVE-2025-32462 sudo: LPE via chroot option CVE-2025-32463 Tenable has extracted the preceding description block directly from...
sudo security update
An update is available for sudo. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The sudo packages contain the sudo utility which allows system administrators to...
RLSA-2025:9978 Important: sudo security update
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fixes: sudo: LPE via host option CVE-2025-32462 For...
RLSA-2025:11537 Important: sudo security update
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fixes: sudo: LPE via host option CVE-2025-32462 sudo...
sudo security update
An update is available for sudo. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The sudo packages contain the sudo utility which allows system administrators t...
Relative Path Traversal
Overview org.webjars.npm:vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Relative Path Traversal via improper enforcement of server.fs settings. An attacker can access arbitrary HTML files on the server by sending crafted requests to the preview...
sudo: LPE via host option
A privilege escalation vulnerability was found in Sudo. In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option -h or --host. When using the default sudo security policy plugin sudoers, the host option is intended to be used in conjunction with t...
Security update for sudo
This update for sudo fixes the following issues: CVE-2025-32462: Fix a possible local privilege escalation via the --host option bsc1245274 CVE-2025-32463: Fix a possible local privilege Escalation via chroot option bsc1245275 Patch Instructions: To install this SUSE update use the SUSE recommend...
SUSE-SU-2025:20478-1 Security update for sudo
This update for sudo fixes the following issues: - CVE-2025-32462: Fix a possible local privilege escalation via the --host option bsc1245274 - CVE-2025-32463: Fix a possible local privilege Escalation via chroot option bsc1245275...
CLSA-2025-1751913478 sudo: Fix of CVE-2025-32462
CVE-2025-32462: fix Local Privilege Escalation vulnerability via host option...
sudo: LPE via host option
A privilege escalation vulnerability was found in Sudo. In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option -h or --host. When using the default sudo security policy plugin sudoers, the host option is intended to be used in conjunction with t...
sudo: LPE via host option
A privilege escalation vulnerability was found in Sudo. In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option -h or --host. When using the default sudo security policy plugin sudoers, the host option is intended to be used in conjunction with t...
sudo: LPE via host option
A privilege escalation vulnerability was found in Sudo. In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option -h or --host. When using the default sudo security policy plugin sudoers, the host option is intended to be used in conjunction with t...
Security update for sudo
This update for sudo fixes the following issues: CVE-2025-32462: Fix a possible local privilege escalation via the --host option bsc1245274 CVE-2025-32463: Fix a possible local privilege Escalation via chroot option bsc1245275 Patch Instructions: To install this SUSE update use the SUSE recommend...
SUSE-SU-2025:20489-1 Security update for sudo
This update for sudo fixes the following issues: - CVE-2025-32462: Fix a possible local privilege escalation via the --host option bsc1245274 - CVE-2025-32463: Fix a possible local privilege Escalation via chroot option bsc1245275...