CVE-2026-21915 JSI Virtual Lightweight Collector: Shell escape allows privilege escalation to root

A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights JSI Virtual Lightweight Collector vLWC allows a local, high privileged attacker to escalate their privileges to root. The CLI menu accepts input without carefully validating it, which allows for shell...

PT-2026-3788

Name of the Vulnerable Software and Affected Versions Cisco Intersight Virtual Appliance affected versions not specified Description A flaw exists in the read-only maintenance shell of the appliance that may allow a local attacker with administrative privileges to gain root access. This is caused...

CVE-2025-43890

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralizatio...

EUVD-2025-31589

Malicious code in bioql PyPI...

CVE-2012-10041

WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shellexec with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The system also includes a SUID-root binary name...

mysql: unsafe chmod/chown use in init script (CPU Jan 2017)

Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root...