Lucene search
K

310 matches found

Debian CVE
Debian CVE
added 2025/11/06 8:2 p.m.4 views

CVE-2025-52565

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

8.4CVSS6.5AI score0.00523EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2025/11/06 12:24 a.m.3 views

SUSE CVE-2025-52565

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

7.8CVSS6.7AI score0.00523EPSS
Exploits1References28
Github Security Blog
Github Security Blog
added 2025/11/05 5:34 p.m.12 views

runc container escape with malicious config due to /dev/console mount and related races

Impact This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target namely, the bind-mount of /dev/pts/$n to /dev/console as configured for all containers that allocate a console. In runc version 1.0.0-rc3 and later...

8.4CVSS6.6AI score0.00523EPSS
Exploits1References11Affected Software1
OSV
OSV
added 2025/11/05 9:0 a.m.3 views

UBUNTU-CVE-2025-52565

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

8.4CVSS6.6AI score0.00523EPSS
Exploits1References4
The Hacker News
The Hacker News
added 2025/10/21 7:23 a.m.12 views

Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network

A European telecommunications organization is said to have been targeted by a threat actor that aligns with a China-nexus cyber espionage group known as Salt Typhoon. The organization, per Darktrace, was targeted in the first week of July 2025, with the attackers exploiting a Citrix NetScaler...

7AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2006-3527

Malware in sbrugna...

5.1CVSS6.4AI score0.07889EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-12927

Malware in sbrugna...

6.1CVSS6.3AI score0.01616EPSS
Exploits3References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-12929

Malware in sbrugna...

6.1CVSS6.3AI score0.01583EPSS
Exploits3References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-12926

Malware in sbrugna...

6.1CVSS6.3AI score0.01616EPSS
Exploits3References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-2129

Malware in sbrugna...

4.3CVSS6.4AI score0.04089EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2015-4893

Malware in sbrugna...

4CVSS7.5AI score0.01279EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/09/29 8:38 p.m.4 views

CVE-2025-34233

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain a protection mechanism failure vulnerability within the filegetcontents function. When an administrator configures a printer’s hostname or...

8.5CVSS5.7AI score0.00554EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/09/24 12:28 a.m.11 views

CVE-2025-57602

Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT devices. This can...

9.8CVSS7.7AI score0.00494EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.10 views

PT-2025-38731

Name of the Vulnerable Software and Affected Versions AiKaan IoT management platform affected versions not specified Description The AiKaan IoT management platform suffers from inadequate hardening of the proxyuser account and utilizes a shared, hardcoded SSH private key. This combination enables...

9.8CVSS7.3AI score0.00494EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/22 12:0 a.m.6 views

CVE-2025-57602

Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT devices. This can...

7.4AI score0.00494EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2014-7970

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The pivotroot implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which...

5.5CVSS6.3AI score0.00673EPSS
Exploits1References2
Fedora
Fedora
added 2025/08/12 12:57 a.m.9 views

[SECURITY] Fedora 42 Update: php-adodb-5.22.10-1.fc42

ADOdb is an object oriented library written in PHP that abstracts database operations for portability. It is modelled on Microsoft's ADO, but has many improvements that make it unique eg. pivot tables, Active Record support, generating HTML for paging recordsets with next and previous links, cach...

10CVSS7.3AI score0.00468EPSS
Exploits0
GithubExploit
GithubExploit
added 2025/08/08 5:38 a.m.175 views

Exploit for Code Injection in Xwiki

📜 Description A critical RCE vulnerability exists in...

9.8CVSS8.1AI score0.99898EPSS
Exploits51
OSV
OSV
added 2025/07/21 6:15 p.m.4 views

CVE-2025-44654

In Linksys E2500 3.0.04.002, the chrootlocaluser option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks...

9.8CVSS5.8AI score0.01018EPSS
Exploits0References2
OSV
OSV
added 2025/07/21 4:15 p.m.4 views

CVE-2025-44655

In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chrootlocaluser option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks...

9.8CVSS5.8AI score0.00335EPSS
Exploits0References2
Rows per page
Query Builder