Lucene search

1904 matches found

NVD
added 2026/02/24 3:21 p.m. | 13 views

CVE-2026-27208

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...

CVSS 9.2 | EPSS 0.00655
Exploits: 0 | References: 2

Vulnrichment
added 2026/02/24 1:52 p.m. | 4 views

CVE-2026-27208 api-gateway-deploy Affected by Exploitable Command Injection via Unprivileged Root Execution

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...

CVSS 9.2 | AI score 6.2 | EPSS 0.00655
Exploits: 0 | References: 2

Cvelist
added 2026/02/24 1:52 p.m. | 19 views

CVE-2026-27208 api-gateway-deploy Affected by Exploitable Command Injection via Unprivileged Root Execution

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...

CVSS 9.2 | EPSS 0.00655
Exploits: 0 | References: 2

OSV
added 2026/02/24 1:52 p.m. | 3 views

CVE-2026-27208 api-gateway-deploy Affected by Exploitable Command Injection via Unprivileged Root Execution

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...

CVSS 9.2 | AI score 6 | EPSS 0.00655
Exploits: 0 | References: 4

CVE
added 2026/02/24 1:52 p.m. | 10 views

CVE-2026-27208

Bleon-ethical/api-gateway-deploy is affected in v1.0.0 by OS Command Injection and Privilege Escalation that can grant root privileges inside the container, potentially enabling container escape and unauthorized infra changes. The issue is fixed in v1.0.1 through: (1) strict input sanitization an...

CVSS 9.2 | AI score 6 | EPSS 0.00655
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/02/24 12:0 a.m. | 5 views

PT-2026-21750

Name of the Vulnerable Software and Affected Versions bleon-ethical/api-gateway-deploy version 1.0.0 Description The software is susceptible to an attack chain involving OS Command Injection and Privilege Escalation. Successful exploitation allows an attacker to execute arbitrary commands with ro...

CVSS 9.2 | AI score 6.2 | EPSS 0.00655
Exploits: 0 | References: 8

Tenable Nessus
added 2026/01/27 12:0 a.m. | 4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005128)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005128 advisory. In the Linux kernel, the following vulnerability has been resolved: fbdev: pxafb: Fix possible use after free in pxafb_task In the pxafb_probe function, it calls the...

CVSS 7.8 | AI score 6.7 | EPSS 0.00249
Exploits: 0 | References: 3

Vulnrichment
added 2026/01/26 7:58 p.m. | 11 views

CVE-2025-9615 Networkmanager: networkmanager file access

A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added t...

CVSS 3.3 | AI score 5.8 | EPSS 0.00162
Exploits: 0 | References: 7

Positive Technologies
added 2026/01/20 12:0 a.m. | 7 views

PT-2026-3756

Name of the Vulnerable Software and Affected Versions GNU Inetutils versions 1.9.3 through 2.7 Description GNU Inetutils telnetd is vulnerable to a remote authentication bypass. An attacker can exploit this flaw by manipulating the USER environment variable, specifically by setting it to "-f root...

CVSS 10 | AI score 7.9 | EPSS 0.98871
Exploits: 60 | References: 230

RedhatCVE
added 2026/01/09 12:35 p.m. | 7 views

CVE-2023-49257

An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges...

CVSS 8.8 | AI score 7.2 | EPSS 0.00319
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:54 a.m. | 8 views

CVE-2018-4006

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An attacker wou...

CVSS 9.3 | AI score 6.9 | EPSS 0.0068
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:33 a.m. | 4 views

CVE-2019-16242

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI...

CVSS 7.2 | AI score 8 | EPSS 0.01123
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:32 a.m. | 11 views

CVE-2019-16730

processCommandUpgrade in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user...

CVSS 10 | AI score 8.2 | EPSS 0.03733
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:30 a.m. | 6 views

CVE-2019-16735

A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user...

CVSS 10 | AI score 8.3 | EPSS 0.03394
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:10 a.m. | 13 views

CVE-2022-27483

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to...

CVSS 7.2 | AI score 7.7 | EPSS 0.02116
Exploits: 0 | References: 1

NVD
added 2025/12/18 7:16 p.m. | 12 views

CVE-2025-14739

Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows local unauthenticated attackers the ability to execute DoS attack and potentially arbitrary code execution under the context of the ‘root’ user. This issue affects WR940N and WR941ND: ≤ WR940N v5 3.20.1 Build 200316...

CVSS 7.7 | EPSS 0.00189
Exploits: 0 | References: 4

CVE
added 2025/12/18 6:2 p.m. | 19 views

CVE-2025-14739

The CVE-2025-14739 entry describes an Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND routers. Affected devices are WR940N (≤ v5 3.20.1 Build 200316) and WR941ND (≤ v6 3.16.9 Build 151203). The issue allows local, unauthenticated attackers to cause a DoS and potentiall...

CVSS 7.7 | AI score 7.5 | EPSS 0.00189
Exploits: 0 | References: 4

AlpineLinux
added 2025/12/02 5:49 p.m. | 4 views

CVE-2025-65105

Apptainer is an open source container platform. In Apptainer versions less than 1.4.5, a container can disable two of the forms of the little used --security option, in particular the forms --security=apparmor: and --security=selinux: which otherwise put restrictions on operations that containers...

CVSS 5.3 | AI score 6.9 | EPSS 0.00198
Exploits: 0

EUVD
added 2025/11/13 3:23 a.m. | 8 views

EUVD-2025-176592

Malicious code in root-user-await-validate-iota npm...

AI score 6.6
Exploits: 0

RedhatCVE
added 2025/11/06 4:41 p.m. | 8 views

CVE-2025-20358

A vulnerability in the Contact Center Express CCX Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authenticatio...

CVSS 9.8 | AI score 7.8 | EPSS 0.00931
Exploits: 0 | References: 1