📄 OpenWrt 23.05 Remote Code Execution

OpenWrt version 23.05 suffers from an authenticated remote code execution vulnerability. Exploit Title: OpenWrt 23.05 - Authenticated Remote Code Execution RCE Date: 2026-01-17 Exploit Author: Ahmet Mersin Vendor Homepage: https://github.com/stangri/luci-app-https-dns-proxy Software Link:...

Linux Distros Unpatched Vulnerability : CVE-2023-22099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.12. Easily...

Adfinis Document Merge Service Security Vulnerability

Adfinis Document Merge Service is a merged document template service from Adfinis. A security vulnerability exists in Adfinis Document Merge Service versions 6.5.1 and earlier, which stems from a remote code execution attack that allows an attacker to conduct a remote code execution attack via...

PT-2024-27459

Name of the Vulnerable Software and Affected Versions Document Merge Service versions 6.5.1 and prior Description The issue allows for remote code execution via server-side template injection, which can result in full takeover of the affected system when executed as root. This gives an attacker...

PT-2023-32151 · Tiann · Kernelsu

Name of the Vulnerable Software and Affected Versions: tiann/kernelsu versions prior to 0.6.9 Description: The issue concerns incorrect authorization in the tiann/kernelsu GitHub repository. This allows for root takeover via signature spoofing. Recommendations: For versions prior to 0.6.9, update...

Root takeover via signature spoofing

Description When an app requests "CMDBECOMEMANAGER" via prctl, couple of checks done before promoting uid as root manager. Main check relies on requester's signature. Signature control is done in checkv2signature function in kernel\apksign.c, this function accepts both V2 and V3 signatures...