Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

737 matches found

Positive Technologies
Positive Technologiesadded 2026/04/22 12:0 a.m.1 views

PT-2026-34486

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

6.6CVSS5.7AI score0.00014EPSS
Exploits1References2
OSV
OSVadded 2026/04/17 12:59 p.m.2 views

OESA-2026-1908 sudo security update

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: In Sudo through 1.9.17p2 before 3e474c2, a failure of a setui...

7.8CVSS5.8AI score0.00006EPSS
Exploits0References2
OSV
OSVadded 2026/04/16 12:52 p.m.0 views

SUSE-SU-2026:21252-1 Security update for sudo

This update for sudo fixes the following issues: - CVE-2026-35535: unhandled failure of setuid, setgid or setgroups calls during a mailer privilege drop allows for local privilege escalation bsc1261420...

7.8CVSS5.2AI score0.00006EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2026/04/04 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-35385

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performe...

8.1CVSS5.8AI score0.00067EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/04/03 1:56 p.m.1 views

CVE-2026-35535

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

7.4CVSS5.9AI score0.00006EPSS
Exploits0References7
EUVD
EUVDadded 2026/04/03 3:31 a.m.4 views

EUVD-2026-18571

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...

7.4CVSS5.9AI score0.00006EPSS
Exploits0References5
NVD
NVDadded 2026/04/03 3:16 a.m.4 views

CVE-2026-35535

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...

7.8CVSS0.00006EPSS
Exploits0References6
OSV
OSVadded 2026/04/03 3:16 a.m.1 views

DEBIAN-CVE-2026-35535

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...

7.8CVSS5.3AI score0.00006EPSS
Exploits0References1
OSV
OSVadded 2026/04/03 3:16 a.m.0 views

UBUNTU-CVE-2026-35535

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...

7.8CVSS5.8AI score0.00006EPSS
Exploits0References7
Cvelist
Cvelistadded 2026/04/03 2:21 a.m.18 views

CVE-2026-35535

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...

7.4CVSS0.00006EPSS
Exploits0References4
CVE
CVEadded 2026/04/03 2:21 a.m.48 views

CVE-2026-35535

CVE-2026-35535 affects Sudo up to 1.9.17p2, before the patch identified as 3e474c2. A failure in a setuid/setgid/setgroups call during privilege drop prior to invoking the mailer is not fatal and can lead to local privilege escalation. The vulnerability is restricted to local attackers with exist...

7.8CVSS5.9AI score0.00006EPSS
Exploits0References6Affected Software1
EUVD
EUVDadded 2026/04/02 6:31 p.m.3 views

EUVD-2026-18398

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

7.5CVSS5.8AI score0.00067EPSS
Exploits0References4
OSV
OSVadded 2026/04/02 5:16 p.m.3 views

DEBIAN-CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

8.1CVSS5.2AI score0.00067EPSS
Exploits0References1
NVD
NVDadded 2026/04/02 5:16 p.m.3 views

CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

8.1CVSS0.00067EPSS
Exploits0References3
OSV
OSVadded 2026/04/02 5:16 p.m.2 views

ALPINE-CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

8.1CVSS5.4AI score0.00067EPSS
Exploits0References1
OSV
OSVadded 2026/04/02 5:16 p.m.1 views

UBUNTU-CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

8.1CVSS5.8AI score0.00067EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/04/02 4:30 p.m.10 views

CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

7.5CVSS5.8AI score0.00067EPSS
Exploits0References4
AlpineLinux
AlpineLinuxadded 2026/04/02 4:30 p.m.5 views

CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

8.1CVSS5.2AI score0.00067EPSS
Exploits0References3
CVE
CVEadded 2026/04/02 4:30 p.m.646 views

CVE-2026-35385

OpenSSH before 10.3 is affected. When using scp as root with -O (legacy protocol) and without -p, a downloaded file may be installed setuid or setgid, contrary to user expectations. This could enable privilege elevation per the cited advisories. Remediation: upgrade to OpenSSH 10.3p1 or later (as...

8.1CVSS5.8AI score0.00067EPSS
Exploits0References3Affected Software1
Snyk
Snykadded 2026/04/02 4:30 p.m.1 views

Improper Preservation of Permissions

Overview Affected versions of this package are vulnerable to Improper Preservation of Permissions in the scp when the legacy protocol option -O is used by a root user without preserving original file permissions -p. An attacker can gain elevated privileges by supplying a malicious file that, when...

8.1CVSS6AI score0.00067EPSS
Exploits0References2
Rows per page
Query Builder