CVE-2026-5752 CVE-2026-5752

Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal...

PT-2026-32956

Name of the Vulnerable Software and Affected Versions Jellyfin versions prior to 10.11.7 Description A flaw exists in the subtitle upload endpoint '/Videos/itemId/Subtitles' where the Format field is not validated. This allows path traversal via the file extension, enabling arbitrary file write...

EUVD-2026-21653

NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVE-2026-5054 NoMachine External Control of File Path Local Privilege Escalation Vulnerability

NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVE-2026-33727

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.4 has a local privilege-escalation vulnerability allows code execution as root from the low-privilege pihole account. Important context: the pihole account uses nologin, so this is not a direct...

EUVD-2024-55535

Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service. Attackers can invoke the installFromPath:toPath:withReply: method to overwrite...

CVE-2026-33727

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.4 has a local privilege-escalation vulnerability allows code execution as root from the low-privilege pihole account. Important context: the pihole account uses nologin, so this is not a direct...

CVE-2024-14032

Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service. Attackers can invoke the installFromPath:toPath:withReply: method to overwrite...

EUVD-2026-19291

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.4 has a local privilege-escalation vulnerability allows code execution as root from the low-privilege pihole account. Important context: the pihole account uses nologin, so this is not a direct...

CVE-2026-33727

Pi-hole 6.4 contains a local privilege escalation: attacker-controlled content in /etc/pihole/versions can be sourced by root-run Pi-hole scripts, enabling root code execution from the pihole user (nologin but not preventing code execution). The issue arises in a post-compromise scenario and is f...

Pi-hole 安全漏洞

Pi-hole is a web-level ad blocking application developed by Pi-hole Inc. Version 6.4 of Pi-hole contains a security vulnerability that stems from an increase in local privileges, potentially allowing root code to be executed from a low-privilege account...

CVE-2026-20097

CVE-2026-20097 affects the web-based management interface of Cisco IMC. An authenticated admin could trigger arbitrary code execution as root due to improper validation of user-supplied input, by sending crafted HTTP requests to the device. The impact is execution of code on the underlying OS as ...

NoMachine External Control of File Path Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of command li...

(Pwn2Own) QNAP QHora-322 ip6_wanifset Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass firewall rules on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of firewall rules. The issue results from failing to...

CVE-2026-25770

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The wazuh-clusterd service allows authenticated...

CVE-2026-33201

The Digital Photo Frame GH-WDF10A from GREEN HOUSE CO., LTD. contains an active debug code vulnerability. Exploitation can read/write files or configurations on the device, or arbitrarily execute files with root privileges. CVSS data from the connected CVE entry indicates high impact on confident...

CVE-2026-33201

Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : systemd vulnerabilities (USN-8119-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8119-1 advisory. It was discovered that systemd incorrectly handled certain cgroup paths. A local attacker could possibly use this issue to cause systemd to...

Ubuntu: Security Advisory (USN-8119-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-8119-2 systemd vulnerabilities

USN-8119-1 fixed vulnerabilities in systemd. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that systemd incorrectly handled certain cgroup paths. A local attacker could...