14 matches found
CVE-2026-48936
A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...
CVE-2026-45108
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant DAG flow that allowed a user within the same Entra ID domain to obtain a local Unix...
GHSA-27VP-2MMC-VMH3 nono: Sandbox escape on Linux via D-Bus: `systemd-run --user`
Summary The nono Landlock/seccomp policies allow access to local Unix domain sockets concrete and abstract. This allows an easy sandbox escape by talking to the per-user systemd dbus socket. Threat scenario: Running Aider, Claude Code, OpenCode or similar tools with "allow bash" policy so that it...
nono: Sandbox escape on Linux via D-Bus: `systemd-run --user`
Summary The nono Landlock/seccomp policies allow access to local Unix domain sockets concrete and abstract. This allows an easy sandbox escape by talking to the per-user systemd dbus socket. Threat scenario: Running Aider, Claude Code, OpenCode or similar tools with "allow bash" policy so that it...
CloudNativePG 代码问题漏洞
CloudNativePG is an open-source platform developed by CloudNativePG for managing the entire lifecycle of PostgreSQL databases on Kubernetes. Versions of CloudNativePG prior to 1.29.1 and 1.28.3 contained code vulnerabilities. These vulnerabilities stemmed from the metric exporter using the pod’s...
Himmelblau 安全漏洞
Himmelblau is an open-source Azure Entra ID authentication module developed by Himmelblau. Versions of Himmelblau from 2.0.0 to 3.1.5, as well as versions prior to 2.3.11, contained security vulnerabilities. These vulnerabilities stemmed from the tokenvalidate function, which did not verify wheth...
nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets
A flaw was found in the got package for node.js. Requested URLs are not verified and allow open redirection to a local UNIX socket...
CVE-2022-33987
A flaw was found in the got package for node.js. Requested URLs are not verified and allow open redirection to a local UNIX socket...
CVE-2022-31594
A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system...
CVE-2022-31594
A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system...
CVE-2022-31594
A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system...
SAP Adaptive Server Enterprise 安全漏洞
SAP Adaptive Server Enterprise ASE is a relational database server from SAP, Germany. An elevation of privilege vulnerability exists in SAP Adaptive Server Enterprise. The vulnerability stems from an incorrect programmatic call to an advanced local procedure. An attacker could use the vulnerabili...
CVE-2022-20011
In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
OpenJDK: loading of classes from untrusted locations (I18n, 8182601)
It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file...