Lucene search
K

44 matches found

NVD
NVD
added 2026/07/04 12:16 p.m.9 views

CVE-2026-12196

HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management scripts with passwordless sudo. This could result in the takeover of administrator users in the application and the underlyi...

8.3CVSS0.00256EPSS
Exploits0References2
CVE
CVE
added 2026/07/04 12:5 p.m.20 views

CVE-2026-12196

The CVE-2026-12196 entry describes a broken access control vulnerability in the HestiaCP panel cronjob feature. Low-privilege users can modify the panel cronjob to execute management scripts with passwordless sudo, enabling takeover of administrator users in the application and the underlying web...

8.3CVSS6AI score0.00256EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/04 12:5 p.m.11 views

EUVD-2026-41671

HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management scripts with passwordless sudo. This could result in the takeover of administrator users in the application and the underlyi...

8.3CVSS6AI score0.00256EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/04 12:5 p.m.36 views

CVE-2026-12196 HestiaCP Admin Takeover

HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management scripts with passwordless sudo. This could result in the takeover of administrator users in the application and the underlyi...

8.3CVSS0.00256EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.10 views

PT-2026-55695

Name of the Vulnerable Software and Affected Versions HestiaCP affected versions not specified Description The panel cronjob feature contains a broken access control flaw. This allows users with low privileges to modify the panel cronjob to execute HestiaCP management scripts using passwordless...

8.3CVSS6AI score0.00256EPSS
Exploits0References8
NVD
NVD
added 2026/06/10 3:16 p.m.14 views

CVE-2026-45549

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agentaction app/routes/smon/agentroutes.py:166-179 has decorators @bp.post'/agent/action/' and @jwtrequired only — no role check, no group ownership check on the serverip form...

8.5CVSS0.00199EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 1:59 p.m.37 views

CVE-2026-45549 Roxy-WI: Authorization bypass on POST /smon/agent/action/<action> — guest can stop or restart smon-agent on any host

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agentaction app/routes/smon/agentroutes.py:166-179 has decorators @bp.post'/agent/action/' and @jwtrequired only — no role check, no group ownership check on the serverip form...

8.5CVSS0.00199EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 1:59 p.m.7 views

CVE-2026-45549 Roxy-WI: Authorization bypass on POST /smon/agent/action/<action> — guest can stop or restart smon-agent on any host

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agentaction app/routes/smon/agentroutes.py:166-179 has decorators @bp.post'/agent/action/' and @jwtrequired only — no role check, no group ownership check on the serverip form...

8.5CVSS5.5AI score0.00199EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 12:0 a.m.11 views

MAL-2026-5142 Malicious code in @redhat-cloud-services/insights-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
GithubExploit
GithubExploit
added 2026/03/17 9:24 p.m.153 views

Exploit for OS Command Injection in Nagios Nagios_Xi

Nagios-CVE-2019-15949-RCE-Poc a python PoC for the CVE-2019-15...

9CVSS5.8AI score0.77741EPSS
Exploits13
RedhatCVE
RedhatCVE
added 2025/11/18 6:2 p.m.5 views

CVE-2025-34323

Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to...

8.5CVSS7.1AI score0.0029EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/17 5:48 p.m.4 views

CVE-2025-34323 Nagios Log Server < 2026R1.0.1 Local Privilege Escalation via Writable Scripts and Sudo Rules

Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to...

8.5CVSS6.7AI score0.0029EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/17 5:48 p.m.12 views

CVE-2025-34323 Nagios Log Server < 2026R1.0.1 Local Privilege Escalation via Writable Scripts and Sudo Rules

Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to...

8.5CVSS0.0029EPSS
Exploits0References4
CVE
CVE
added 2025/11/17 5:48 p.m.34 views

CVE-2025-34323

Nagios Log Server is vulnerable in versions prior to 2026R1.0.1 due to an unsafe interaction between passwordless sudo rules and group-writable script directories. The www-data user is in the nagios group, which has write access to /usr/local/nagioslogserver/scripts, while scripts in that directo...

8.5CVSS7.6AI score0.0029EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/11/17 5:48 p.m.6 views

EUVD-2025-197844

Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to unsafe interaction between sudo rules and file system permissions. The web server account is granted passwordless sudo access to certain maintenance scripts while also being a member of a group that...

8.5CVSS7.5AI score0.0029EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.10 views

PT-2025-47192

Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2026R1.0.1 Description Nagios Log Server versions prior to 2026R1.0.1 have a local privilege escalation issue. This is due to an unsafe interaction between sudo rules and file system permissions. The web...

8.5CVSS7.7AI score0.0029EPSS
Exploits0References8
Packet Storm
Packet Storm
added 2025/11/10 12:0 a.m.185 views

📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Root Privilege Escalation

Ilevia EVE X1/X5 Server version 4.7.18.0.eden has a misconfiguration in the sudoers file that permits passwordless execution of specific Bash shell scripts via sudo, exposing a critical privilege escalation vulnerability. When such scripts are writable by a web-facing user www-data or accessible...

9.8CVSS8.4AI score0.07449EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2025/11/06 12:0 a.m.169 views

Ilevia EVE X1/X5 Server 4.7.18.0.eden Root Privilege Escalation

Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

9.8CVSS6AI score0.07449EPSS
Exploits3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-30266

Malicious code in bioql PyPI...

8.6CVSS6.6AI score0.00251EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/09/30 1:3 p.m.11 views

CVE-2025-34217 Vasion Print (formerly PrinterLogic) Undocumented Hardcoded SSH Key

Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA/SaaS deployments contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '/.ssh/authorizedkeys' and a sudoers rule granting the printerlogicssh group 'NOPASSWD: ALL'. Possession of the matching...

10CVSS0.00697EPSS
Exploits1References4
Rows per page
Query Builder