Lucene search
K

87 matches found

Cvelist
Cvelist
added 2026/03/10 7:22 a.m.26 views

CVE-2026-2364 CODESYS Installer TOCTOU Privilege Escalation

If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer...

7.3CVSS0.00084EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/10 7:22 a.m.4 views

CVE-2026-2364 CODESYS Installer TOCTOU Privilege Escalation

If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer...

7.3CVSS5.8AI score0.00084EPSS
Exploits0References1
CVE
CVE
added 2026/03/10 7:22 a.m.22 views

CVE-2026-2364

CVE-2026-2364 affects the CODESYS Installer (part of the CODESYS Development System). A TOCTOU race condition in the installer allows a low-privileged local attacker, who can trigger a self-update prompt or start an installation, to obtain elevated rights. The CVSS v3.1 base metrics indicate loca...

7.3CVSS5.8AI score0.00084EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.9 views

PT-2026-24180

If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer...

7.3CVSS5.8AI score0.00084EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 10:22 p.m.4 views

GHSA-5RMX-256W-8MJ9 WireGuard Portal is Vulnerable to Privilege Escalation via User Self-Update to Admin Level

Privilege Escalation to Admin via User Self-Update in wg-portal Summary Any authenticated non-admin user can become a full administrator by sending a single PUT request to their own user profile endpoint with "IsAdmin": true in the JSON body. After logging out and back in, the session picks up...

8.8CVSS5.6AI score0.00306EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/26 10:22 p.m.10 views

WireGuard Portal is Vulnerable to Privilege Escalation via User Self-Update to Admin Level

Privilege Escalation to Admin via User Self-Update in wg-portal Summary Any authenticated non-admin user can become a full administrator by sending a single PUT request to their own user profile endpoint with "IsAdmin": true in the JSON body. After logging out and back in, the session picks up...

8.8CVSS5.5AI score0.00306EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2025/10/16 7:0 p.m.6 views

CVE-2025-11493 Self-Update Verification Mechanism Process in ConnectWise Automate

The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...

8.8CVSS0.00212EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-13038

Malware in sbrugna...

6.1CVSS6.2AI score0.05273EPSS
Exploits4References4
Packet Storm
Packet Storm
added 2025/05/19 12:0 a.m.109 views

📄 Ivanti Endpoint Manager DLL Hijacking / Privilege Escalation

The EPM Security Scan Vulscan Self Update is vulnerable to DLL hijacking. When it is installed on a client machine, by default, it creates a scheduled task as SYSTEM that when run, tries to load non-existent ZIP files from ProgramData. A malicious DLL can be inserted into one of the ZIP files whi...

7.8CVSS7.6AI score0.00388EPSS
Exploits1
FreeBSD
FreeBSD
added 2024/02/08 12:0 a.m.27 views

Composer -- Code execution and possible privilege escalation

Copmposer reports: Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php. Several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions...

8.8CVSS8.2AI score0.00273EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2023/03/10 2:2 p.m.59 views

New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide

An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed i...

1.9AI score
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2021/09/21 12:0 a.m.64 views

Security update for php-composer (important)

openSUSE Security Update: Security update for php-composer Announcement ID: openSUSE-SU-2021:1289-1 Rating: important References: 1185376 1187416 Cross-References: CVE-2021-29472 CVSS scores: CVE-2021-29472 NVD : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15...

8.8CVSS9AI score0.04849EPSS
Exploits1References2
ThreatPost
ThreatPost
added 2021/08/05 2:16 p.m.65 views

Black Hat: Charming Kitten Leaves More Paw Prints

LAS VEGAS – The suspected Iranian threat group that IBM Security X-Force calls ITG18 and which overlaps with the group known as Charming Kitten keeps leaving a trail of paw prints. The latest: a custom Android backdoor dubbed “LittleLooter” – used exclusively by the threat actor, as far as...

6.6AI score
Exploits0References20
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/26 9:5 p.m.27 views

Security Bulletin: wscanhw and wscansw vulnerabilities in scanner component of IBM License Metric Tool v9, v7.5, 7.2.2, IBM Endpoint Manger for Software Use Analysis v9 and IBM Tivoli Asset Discovery for Distributed v7.5, v7.2.2

Summary CIT scanner component contains format string vulnerability in wscanhw executable and stack overflow vulnerability in wscansw executable. Successful exploitation of the vulnerabilities allows for scanner process manipulation, and possibly crashing the process. Vulnerability Details CVEID:...

5CVSS0.7AI score0.01256EPSS
Exploits0Affected Software1
Kitploit
Kitploit
added 2020/09/12 8:30 p.m.48 views

Some-Tools - Install And Keep Up To Date Some Pentesting Tools

Some-Tools Why I was looking for a way to manage and keep up to date some tools that are not include in Kali-Linux. For exemple, I was looking for an easy way to manage privilege escalation scripts. One day I saw sec-tools from eugenekolo which you can see at the bottom of the page and it gave me...

7.5AI score
Exploits0References50
ThreatPost
ThreatPost
added 2020/07/24 6:48 p.m.38 views

DJI Drone App Riddled With Privacy Issues, Researchers Allege

Leading commercial drone maker DJI is hitting back against researcher allegations that its Android mobile application is riddled with privacy holes. One includes that the app continues to run in the background even after it’s been closed and collects sensitive data from users without consent. The...

6.8AI score
Exploits0References8
Kitploit
Kitploit
added 2019/12/21 8:30 p.m.1071 views

OKadminFinder - Admin Panel Finder / Admin Login Page Finder

OKadminFinder: Easy way to findadmin panel of site. Requirements Linux sudo apt install tor sudo apt install python3-socks optional pip3 install --user -r requirements.txt Windows download tor expert bundle pip3 install -r requirements.txt Usage Preview Linux git clone...

7.3AI score
Exploits0References3
NVD
NVD
added 2018/12/26 6:29 p.m.17 views

CVE-2018-20484

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation...

6.1CVSS6AI score0.05273EPSS
Exploits4References2
OSV
OSV
added 2018/12/26 6:29 p.m.4 views

CVE-2018-20484

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation...

6.1CVSS5.8AI score0.05273EPSS
Exploits4References2
Prion
Prion
added 2018/12/26 6:29 p.m.14 views

Information disclosure

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation...

4.3CVSS5.9AI score0.05273EPSS
Exploits4References2Affected Software1
Rows per page
Query Builder