13251 matches found

RedhatCVE
added 2026/06/05 7:11 p.m., 10 views

CVE-2026-44712

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $id/tmp/rce in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUID (some controllers allow this) can inject the payload a...

8.2 CVSS, 5.5 AI score, 0.00154 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:11 p.m., 8 views

CVE-2026-8603

In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system...

9.8 CVSS, 5.7 AI score, 0.01317 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:10 p.m., 9 views

CVE-2026-35085

A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root...

8.8 CVSS, 5.8 AI score, 0.00466 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:10 p.m., 9 views

CVE-2026-35083

A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root...

8.8 CVSS, 5.8 AI score, 0.00456 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:10 p.m., 11 views

CVE-2026-35084

A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root...

8.8 CVSS, 5.8 AI score, 0.00456 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:10 p.m., 10 views

CVE-2026-35682

Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root‑level access...

8.8 CVSS, 5.8 AI score, 0.01787 EPSS
Exploits 0, References 1
NVD
added 2026/06/05 5:16 p.m., 12 views

CVE-2025-5088

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...

8.7 CVSS, 0.00323 EPSS
Exploits 0, References 1
OSV
added 2026/06/05 4:30 p.m., 9 views

GHSA-WM5R-5QP3-5VXF Authenticated Remote Code Execution via loadReader functionName code injection in DbGate

Summary: DbGate is vulnerable to authenticated Remote Code Execution (RCE). Any user with valid DbGate credentials can execute arbitrary OS commands as root by exploiting an unsanitized functionName parameter in the /runners/load-reader endpoint. The require = null mitigation is trivially bypassed v...

9.4 CVSS, 6.7 AI score, 0.00289 EPSS
Exploits 1, References 3
Github Security Blog
added 2026/06/05 4:26 p.m., 13 views

DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE

The unzipDirectory function in packages/api/src/shell/unzipDirectory.js (line 27) does not validate that extracted file paths stay within the output directory. A malicious ZIP with ../ entries writes files anywhere on the filesystem. In the default Docker deployment, DbGate runs as root and the non...

5.5 AI score, 0.00058 EPSS
Exploits 0, References 3, Affected Software 1
EUVD
added 2026/06/05 3:58 p.m., 7 views

EUVD-2025-210077

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...

8.7 CVSS, 5.6 AI score, 0.00323 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/06/05 3:58 p.m., 8 views

CVE-2025-5088 Arista CloudVision Exchange (CVX) Cluster Privilege Escalation via MCS Redis Session

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...

8.7 CVSS, 5.5 AI score, 0.00323 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/06/05 3:58 p.m., 4 views

CVE-2025-5088

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...

8.7 CVSS, 5.5 AI score, 0.00323 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2026/06/05 3:58 p.m., 44 views

CVE-2025-5088 Arista CloudVision Exchange (CVX) Cluster Privilege Escalation via MCS Redis Session

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...

8.7 CVSS, 0.00323 EPSS
Exploits 0, References 1
NVD
added 2026/06/05 11:16 a.m., 9 views

CVE-2026-8914

In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerability exists where a lower privileged user could perform command injection as the root user...

8.4 CVSS, 0.00541 EPSS
Exploits 0, References 1
NVD
added 2026/06/05 11:16 a.m., 14 views

CVE-2026-50265

Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292...

0.00019 EPSS
Exploits 0
ATTACKERKB
added 2026/06/05 9:49 a.m., 6 views

CVE-2026-50265

This CVE ID was assigned as a duplicate of CVE-2026-50292...

9.8 CVSS, 5.4 AI score, 0.00498 EPSS
Exploits 0, References 4
Vulnrichment
added 2026/06/05 9:49 a.m., 10 views

CVE-2026-50265

...

5.4 AI score, 0.00019 EPSS
Exploits 0
RedhatCVE
added 2026/06/05 9:49 a.m., 11 views

CVE-2026-50265

A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVECMD properties that are executed when a device is removed. This...

5.7 AI score, 0.00019 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/06/05 9:36 a.m., 5 views

CVE-2026-8914

In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerability exists where a lower privileged user could perform command injection as the root user...

8.4 CVSS, 5.5 AI score, 0.00541 EPSS
Exploits 0, References 2, Affected Software 2
EUVD
added 2026/06/05 9:36 a.m., 9 views

EUVD-2026-34794

In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerability exists where a lower privileged user could perform command injection as the root user...

8.4 CVSS, 5.5 AI score, 0.00541 EPSS
Exploits 0, References 1