CVE-2025-22231
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations...
CVE-2024-40635
CVE-2024-40635 affects containerd. A bug allows containers launched with a UID:GID that exceeds the 32‑bit signed integer max to overflow, causing the container to run as root (UID 0). Fixed in containerd releases: 1.6.38, 1.7.27, and 2.0.4. Workarounds include using only trusted images and restr...
CVE-2024-57790
IXON B.V. IXrouter IX2400 Industrial Edge Gateway v3.0 was discovered to contain hardcoded root credentials stored in the non-volatile flash memory. This vulnerability allows physically proximate attackers to gain root access via UART or SSH...
Q-Free MAXTIME Suite Security Vulnerability
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from the use of a hard-coded password for the root account. An attacker exploiting this vulnerability...
CVE-2024-22237
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system...
CVE-2024-54751
Summary of CVE-2024-54751 (COMFAST CF-WR630AX v2.7.0.2): A hardcoded password in /etc/shadow allows attackers to log in as root. Affected product version is CF-WR630AX 2.7.0.2. The provided documents consistently identify the root cause as a hardcoded password stored in /etc/shadow, enabling full...
IBM Security Verify Access Access Control Error Vulnerability
IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...
CVE-2024-23618
An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root...
CVE-2023-27407
A vulnerability has been identified in SCALANCE LPE9403 All versions V2.1. The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as...
Command injection
PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow an attacker to gain root access through command injection in systool client. The attacker must have shell access to the device in order to exploit this vulnerability...
D-Link DIR-2150 anweb action_handler Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results...
TOTOLINK N600R Hardcoded Vulnerability
TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, which supports 2.4GHz and 5GHz dual-band concurrency with a maximum wireless transmission rate of 300Mbps. The TOTOLINK N600R suffers from a hard-coded vulnerability that originates from the inclusion of a...
CVE-2020-25156 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root...
Attackers could gain root access using vulnerability in Linux Kernel Netfilter Firewall
THREAT LEVEL: Amber. A flaw in the Linux kernel has been discovered. If exploited, this flaw could allow a local attacker to gain privileges on targeted systems, allowing them to escape containers, execute arbitrary code, or cause a kernel pani...
CVE-2021-3029
EVOLUCARE ECSIMAGING aka ECS Imaging through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter "file" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerability only affects products that are no longer...
Docker Images Official Drupal Access Control Error Vulnerability
Docker is an open source application container engine from the American company Docker. It supports the creation of a container lightweight virtual machine and the deployment and running of applications on Linux systems, as well as the automated installation, deployment and upgrading of...
Remote code execution
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. This can be combined with CVE-2020-10794 for remote root access...
CVE-2019-3695
CVE-2019-3695 is an improper control of code generation vulnerability in the packaging of PCP (Performance Co-Pilot) that, on affected SUSE/openSUSE and related builds, allows a local user to execute code as root by placing a script into /var/log/pcp/configs.sh. Affected products and PCP versions...
Petwant PF-103 and Petalk AI Data Forgery Issue Vulnerabilities
Petwant PF-103 is an automated pet feeder from Petwant Pet Products China. Petalk AI is an automated pet feeder with monitoring function. A data forgery issue vulnerability exists in Petalk AI and PF-103, which arises from the program's use of the unencrypted HTTP protocol to perform firmware...