Lucene search
K

1278 matches found

NVD
NVD
added 2026/02/11 11:16 p.m.6 views

CVE-2026-20610

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges...

7.8CVSS0.00198EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/02/11 12:0 a.m.4 views

Crontab Privilege Escalation

Two group crontab to root privilege separation bypasses were found. This is older research from 2017 that was missing from the archive...

5.5AI score
Exploits0
OSV
OSV
added 2026/02/06 4:47 p.m.3 views

CVE-2026-23741 ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/astcoredumper runs as root, as noted by the NOTES tag on line 689 of the astcoredumper file. The script will source the conten...

5.8AI score0.00173EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/04 4:11 p.m.30 views

CVE-2026-20098 Cisco Meeting Management Arbitrary File Upload Vulnerability

A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. This vulnerability is due to improper input validation in...

8.8CVSS0.00384EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.9 views

PT-2026-5774

Name of the Vulnerable Software and Affected Versions Brocade Fabric OS versions prior to 9.2.1c3 Brocade Fabric OS versions 9.2.2 through 9.2.2b Description A flaw exists in Brocade Fabric OS that could allow a locally authenticated user to gain root privileges. This is achieved by utilizing the...

8.5CVSS5.5AI score0.00126EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: python3 (CVE-2023-6507)

The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6507 advisory. - An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython...

6.1CVSS5.7AI score0.01326EPSS
Exploits0References2
Cisco
Cisco
added 2026/01/21 4:0 p.m.20 views

Cisco Unified Communications Products Remote Code Execution Vulnerability

A vulnerability in Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could...

8.2CVSS6.2AI score0.04307EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003423)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003423 advisory. The dccprcvstateprocess function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCPPKTREQUEST packet data structures in the LISTEN state, which...

7.8CVSS6.8AI score0.0596EPSS
Exploits13References28
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.4 views

CVE-2023-4341

Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI...

9.8CVSS7.2AI score0.00588EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:13 p.m.6 views

CVE-2018-9105

NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability. The vulnerability stems from its privileged helper tool's implemented XPC service. This XPC service is responsible for receiving and processing new OpenVPN connection requests from the main application. Unfortunately...

9CVSS7.6AI score0.02744EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:25 a.m.5 views

CVE-2021-28249

CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is ru...

8.8CVSS7.1AI score0.00415EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:19 a.m.8 views

CVE-2021-22386

A component of the Huawei smartphone has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevation of Privileges...

7CVSS6.8AI score0.00163EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:0 a.m.11 views

CVE-2020-7468

In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a ftpd8 bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the...

9CVSS6.8AI score0.0135EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:36 a.m.18 views

CVE-2020-12487

Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege...

7CVSS7.2AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:42 a.m.6 views

CVE-1999-0405

A buffer overflow in lsof allows local users to obtain root privilege...

7.2CVSS7.1AI score0.00755EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:40 a.m.9 views

CVE-1999-0406

Digital Unix Networker program nsralist has a buffer overflow which allows local users to obtain root privilege...

7.2CVSS7.2AI score0.004EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/01/02 7:19 p.m.228 views

Exploit for Deserialization of Untrusted Data in Apache Activemq

Broker Machine Pentesting Report Target & Overview - Mac...

10CVSS8.4AI score0.99654EPSS
Exploits31
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.2 views

PT-2026-6750

Name of the Vulnerable Software and Affected Versions Asterisk versions prior to 20.7-cert9 Asterisk versions prior to 20.18.2 Asterisk versions prior to 21.12.1 Asterisk versions prior to 22.8.2 Asterisk versions prior to 23.2.2 Description The asterisk/contrib/scripts/ast coredumper script runs...

5.7AI score0.00173EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/12/30 7:15 p.m.24 views

CVE-2025-69257 theshit vulnerable to unsafe loading of user-owned Python rules when running as root.

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when...

6.7CVSS0.0012EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2025/12/17 12:0 a.m.170 views

📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Root Privilege Escalation

A critical privilege escalation vulnerability exists in Ilevia EVE X1/X5 Server versions 4.7.18.0.eden and below. This is a proof of concept exploit written in PHP...

9.8CVSS7.2AI score0.07285EPSS
Exploits5
Rows per page
Query Builder