Lucene search
K

13333 matches found

CVE
CVE
added 2026/06/30 8:59 a.m.13 views

CVE-2025-7406

CVE-2025-7406 affects Nokia MantaRay NM. A local privilege escalation allows an admin with local privileges to gain root access, yielding root filesystem control and full actions as root. Mitigation mentioned: temporarily restrict the set of commands permitted via sudo for affected accounts. No s...

7.8CVSS5.9AI score0.00128EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/30 8:59 a.m.6 views

EUVD-2025-210371

Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative local admin privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute...

7.8CVSS5.9AI score0.00128EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 8:59 a.m.32 views

CVE-2025-7406 A Sudo Privilege Escalation Vulnerability in Nokia MantaRay NM

Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative local admin privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute...

0.00128EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-54437

Name of the Vulnerable Software and Affected Versions Storage Concentrator SC & SCVM affected versions not specified Description Command injection exists in the ms service.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An...

10CVSS6.2AI score0.03081EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.12 views

PT-2026-54438

Name of the Vulnerable Software and Affected Versions Storage Concentrator SC & SCVM affected versions not specified Description An unauthenticated remote attacker can execute arbitrary commands with root-level privileges on the underlying system. This occurs because the debug.pl script processes...

10CVSS6.1AI score0.03074EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2026/06/30 12:0 a.m.3 views

The vulnerability of the Endpoint Manager Mobile app for managing the lifecycle of mobile devices and mobile applications (formerly known as MobileIron Core) arises from the lack of measures taken to neutralize specific elements. This allows a malicious user to execute arbitrary commands on behalf of the root user.

The vulnerability of the Ivanti Endpoint Manager Mobile EPMM application for managing the lifecycle of mobile devices and mobile applications formerly known as MobileIron Core is related to the failure to implement measures to neutralize specific elements. Exploiting this vulnerability allows a...

9CVSS6.1AI score0.01634EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/29 9:16 p.m.18 views

CVE-2026-34594

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, an authenticated command injection vulnerability in the Destination Network Management functionality allows users with destination management permissions to execute arbitra...

8.8CVSS0.01092EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 8:21 p.m.46 views

CVE-2026-34594 Coolify: Authenticated Remote Code Execution via Command Injection in Destination Network Management

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, an authenticated command injection vulnerability in the Destination Network Management functionality allows users with destination management permissions to execute arbitra...

8.8CVSS0.01092EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 7:16 p.m.8 views

CVE-2026-58000

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration...

8.8CVSS0.01401EPSS
Exploits0References3
NVD
NVD
added 2026/06/29 7:16 p.m.9 views

CVE-2026-57999

luci-app-tailscale-community contains a command injection vulnerability in the tailscale.dologin RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability exists because user-controlled loginserver and loginserverauthkey parameters are improperly quoted...

8.8CVSS0.01179EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/29 6:16 p.m.6 views

CVE-2026-57999 luci-app-tailscale-community - Command Injection via tailscale.do_login RPC

luci-app-tailscale-community contains a command injection vulnerability in the tailscale.dologin RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability exists because user-controlled loginserver and loginserverauthkey parameters are improperly quoted...

8.8CVSS6AI score0.01179EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 6:16 p.m.32 views

CVE-2026-58000 luci-proto-openvpn - Command Injection via cl_meta Parameter in generateKey

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration...

8.8CVSS0.01401EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 6:16 p.m.27 views

CVE-2026-58000

The vulnerability CVE-2026-58000 affects luci-proto-openvpn up to version 0.11.1. The root cause is a command injection in the generateKey ubus method where the cl_meta parameter is interpolated into a shell command without proper escaping or quoting, enabling an authenticated LuCI user with Open...

8.8CVSS6AI score0.01401EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/29 6:16 p.m.9 views

CVE-2026-58000 luci-proto-openvpn - Command Injection via cl_meta Parameter in generateKey

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration...

8.8CVSS6AI score0.01401EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/29 6:16 p.m.6 views

EUVD-2026-40171

luci-app-tailscale-community contains a command injection vulnerability in the tailscale.dologin RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability exists because user-controlled loginserver and loginserverauthkey parameters are improperly quoted...

8.8CVSS6AI score0.01179EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-316 cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes

Summary utils.getsharedsecret always returns -1 - allows anyone to connect to cobbler XML-RPC as user '' password -1 and make any changes. Details utils.py getsharedsecret: def getsharedsecret - Unionstr, int: """ The 'web.ss' file is regenerated each time cobblerd restarts and is used to agree o...

9.8CVSS7.3AI score0.03948EPSS
Exploits6References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.8 views

PT-2026-53682

Name of the Vulnerable Software and Affected Versions luci-app-tailscale-community affected versions not specified Description An issue in the tailscale.do login RPC method allows authenticated users to execute arbitrary commands with root privileges. This occurs because the loginserver and...

8.8CVSS6.1AI score0.01179EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-9640

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restricti...

7.2CVSS6AI score0.00342EPSS
Exploits1References2
CNVD
CNVD
added 2026/06/27 12:0 a.m.4 views

OpenBSD Resource Management Vulnerability (CNVD-2026-26371)

OpenBSD is a Unix-like operating system that focuses on security and code quality. There is a resource management vulnerability in OpenBSD. This vulnerability stems from the use of the syssem.get function in sys/kern/sysvsem.c, where a memory error occurs due to a context switch after tsleep. An...

7.8CVSS6AI score0.00116EPSS
Exploits0
OSV
OSV
added 2026/06/26 7:13 p.m.5 views

GHSA-F6M5-XW2G-XC4X Incus has an arbitrary file write on its client due to trusted image hash

Summary An arbitrary file write exists in the Incus client when a malicious image server returns a crafted Incus-Image-Hash header. This can lead to arbitrary command execution as root on the server. Details - cmd/incusd/images.go:611-684 handles source.type=url by HEADing the user-supplied URL,...

9.9CVSS6.2AI score
Exploits0References2
Rows per page
Query Builder