16 matches found
CVE-2025-64761 OpenBao Privileged Operator Identity Group Root Escalation
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when...
EUVD-2019-11011
Malware in sbrugna...
EUVD-2024-23291
Malicious code in bioql PyPI...
PHOENIX CONTACT CHARX SEC Input Validation Error Vulnerability
The PHOENIX CONTACT CHARX SEC is a series of AC charge controllers from PHOENIX CONTACT, Germany. The PHOENIX CONTACT CHARX SEC suffers from an input validation error vulnerability that originates from a local attacker who can exploit a vulnerable script via SSH and elevate privileges to root due...
CVE-2024-25995
An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform a DoS due to improper input validation...
PT-2024-36376 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.2 Description: A logic issue was addressed with improved restrictions. A malicious app may be able to gain root privileges. Recommendations: For versions prior to 15.2, update to macOS Sequoia 15.2 to resolve the...
Exploit for Race Condition in Apple Ipados
macOS LPE CVE-2023-32413 / ZDI-23-845 / Pwn2Own Vancouver 202...
Vulnerability fixed in Fortinet products
Vulnerabilities have been fixed in several products from Fortinet. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Manipulation of data; Circumvention of security measure; Remote code execution...
Amazon Kindle Vulnerable to Malicious EBooks
A security flaw in Amazon’s Kindle e-reader made it vulnerable to malicious eBooks, opening the door to turning the devices into bots, compromising personal information and more. That’s according to Check Point researcher Slava Makkaveev, who released the findings Friday. Check Point disclosed t...
Vulnerabilities fixed in Exim
Vulnerabilities have been fixed in Exim. Collectively, these vulnerabilities are named "21nails." The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution; Administrator/Root rights; Remote code executio...
Netsweeper 4.0.9 - Arbitrary File Upload Execution
Netsweeper 4.0.9 - Arbitrary File Upload and Execution. Affected Product: Netsweeper. Vendor Homepage: www.netsweeper.com...
Netsweeper 4.0.9 - Multiple Vulnerabilities
Exploit for php platform in category web applications. Netsweeper 4.0.9 - Multiple Vulnerabilities. Netsweeper 4.0.9 - Arbitrary File Upload and Execution. Affected Product:...
Unspecified Elevation of Privilege Vulnerability in Cisco Unified Communications Manager
Cisco Unified Communications Manager is a call processing component of a Cisco IP telephony solution. An elevation of privilege vulnerability exists in Cisco Unified Communications Manager that allows a local attacker to inject malicious parameters and execute with root privileges, due to the...
NIBE heat pump RCE exploit
No description provided by source. !/usr/bin/python import socket,sys,os,base64 NIBE heat pump RCE exploit Written by Jelmer de Hen Published at http://h.ackack.net/?p=302 Web interface is running with root rights def fingerheatpumpip, port: s = socket.socketsocket.AFINET, socket.SOCKSTREAM...
NIBE heat pump - Remote Code Execution
NIBE heat pump - Remote Code Execution !/usr/bin/python import socket,sys,os,base64 NIBE heat pump RCE exploit Written by Jelmer de Hen Published at http://h.ackack.net/?p=302 Web interface is running with root rights def fingerheatpumpip, port: s = socket.socketsocket.AFINET, socket.SOCKSTREAM...
NIBE heat pump - Remote Code Execution
!/usr/bin/python import socket,sys,os,base64 NIBE heat pump RCE exploit Written by Jelmer de Hen Published at http://h.ackack.net/?p=302 Web interface is running with root rights def fingerheatpumpip, port: s = socket.socketsocket.AFINET, socket.SOCKSTREAM s.connectip, port s.send"GET /...