1283 matches found
PT-2026-6750
Name of the Vulnerable Software and Affected Versions Asterisk versions prior to 20.7-cert9 Asterisk versions prior to 20.18.2 Asterisk versions prior to 21.12.1 Asterisk versions prior to 22.8.2 Asterisk versions prior to 23.2.2 Description The asterisk/contrib/scripts/ast coredumper script runs...
CVE-2025-69257 theshit vulnerable to unsafe loading of user-owned Python rules when running as root.
theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when...
📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Root Privilege Escalation
A critical privilege escalation vulnerability exists in Ilevia EVE X1/X5 Server versions 4.7.18.0.eden and below. This is a proof of concept exploit written in PHP...
CVE-2025-67736
The FreePBX module tts Text to Speech for FreePBX, an open-source web-based graphical user interface GUI that manages Asterisk. Versions prior to 16.0.5 and 17.0.5 are vulnerable to SQL injection by authenticated users with administrator access. Authenticated users with administrative access to t...
CVE-2025-43467
CVE-2025-43467 affects macOS Tahoe prior to 26.1. The vulnerability is an undercheck flaw that could allow an unprivileged app to gain root privileges via local access. Apple’s security content notes the fix is in macOS Tahoe 26.1 with improved checks; Red Hat/NVD entries corroborate a root-privi...
EUVD-2025-203095
An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file...
PT-2025-50728
Name of the Vulnerable Software and Affected Versions cPanel versions 110 through 132 Description A directory traversal issue exists within the Team Manager API. This allows for the overwriting of arbitrary files, potentially leading to privilege escalation to the root user. Recommendations Updat...
CVE-2025-66429
The CVE-2025-66429 issue affects cPanel versions 110–132, where a directory traversal in the Team Manager API can overwrite arbitrary files, enabling privilege escalation to root. Documented impact is high (CVE score 8.8). Exploitation status isn’t provided in the sources. Remediation guidance ap...
GHSA-QWCC-2R77-5W2F sd changes the group ownership of the source file
An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command...
CVE-2025-65807
An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command...
CVE-2025-65807
An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command...
CVE-2025-65807
An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command...
CVE-2025-65807
An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command...
Linux Distros Unpatched Vulnerability : CVE-2025-65807
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command. CVE-2025-65807 Note that Nessus relies on the...
CVE-2025-57489
Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary...
CVE-2025-57489
Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary...
CVE-2025-61915 OpenPrinting CUPS vulnerable to stack based out-of-bound write
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config a...
Linux Distros Unpatched Vulnerability : CVE-2025-64507
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an...
CVE-2025-36186
CVE-2025-36186 affects IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server). In specific configurations, a local user could execute malicious code and escalate privileges to root due to unnecessary privileges running at a higher-than-minimum level. IBM and conne...
IBM Db2 安全漏洞
IBM Db2 is a relational database management system from International Business Machines IBM. The system executes on UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in IBM Db2 versions 12.1.0 through 12.1.3, which stems from performing an unnecessarily...