Lucene search
K

408 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/01 12:21 p.m.10 views

Malicious code in date-fns-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4694a079d83e33dcee7f87140c41737009d9f0b19f351c23f2ae3dbce9a47a51 [email protected] presents as a lightweight date-formatting utility but ships a malicious postinstall.js that runs automatically on npm install. T...

5.9AI score
Exploits0References13
RedHat Linux
RedHat Linux
added 2026/06/30 11:30 a.m.5 views

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

7.8CVSS6.4AI score0.0138EPSS
Exploits6References7
NVD
NVD
added 2026/06/18 7:16 p.m.12 views

CVE-2026-47833

setupBpmLogs follows symlink for bpm.log open and chown — container-to-host privilege escalation via /etc/shadow. A compromised process inside a bpm container can cause root to chown an arbitrary host file to vcap and append bpm JSON log lines to it. The chown alone lets the attacker take ownersh...

6.9CVSS0.00125EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/18 6:30 p.m.7 views

CVE-2026-47833

setupBpmLogs follows symlink for bpm.log open and chown — container-to-host privilege escalation via /etc/shadow. A compromised process inside a bpm container can cause root to chown an arbitrary host file to vcap and append bpm JSON log lines to it. The chown alone lets the attacker take ownersh...

6.9CVSS5.4AI score0.00125EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 6:30 p.m.21 views

CVE-2026-47833

The CVE-2026-47833 issue affects bpm-release (all versions prior to v1.4.30). A compromised process inside a bpm container can trigger setupBpmLogs to follow a symlink for bpm.log, then perform chown on a host file to the user vcap, enabling container-to-host privilege escalation via the host’s /...

6.9CVSS5.5AI score0.00125EPSS
Exploits0References1
Metasploit
Metasploit
added 2026/06/16 7:2 p.m.221 views

Linux Kernel __ptrace_may_access() Exit Race chage File Disclosure

This module exploits a race condition in the Linux kernel doexit teardown path affecting ptracemayaccess. During process termination, privileged file descriptors may remain accessible through pidfdgetfd after task-mm becomes NULL, allowing sensitive file disclosure from privileged SUID binaries...

7.8CVSS6.5AI score0.0138EPSS
Exploits6
RedHat Linux
RedHat Linux
added 2026/06/09 1:49 p.m.16 views

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

7.8CVSS5.8AI score0.0138EPSS
Exploits6References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.11 views

CVE-2026-31927

Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files e.g., /etc/shadow, enabling unauthorized SSH access when combined with debug‑setting changes...

4.9CVSS5.6AI score0.00354EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/04 10:8 p.m.10 views

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

7.8CVSS6AI score0.0138EPSS
Exploits6References7
RedHat Linux
RedHat Linux
added 2026/06/04 9:47 p.m.14 views

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

7.8CVSS6AI score0.0138EPSS
Exploits6References7
RedHat Linux
RedHat Linux
added 2026/06/04 9:24 p.m.12 views

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

7.8CVSS6AI score0.0138EPSS
Exploits6References7
RedHat Linux
RedHat Linux
added 2026/06/03 4:14 p.m.8 views

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

7.8CVSS6AI score0.0138EPSS
Exploits6References7
NVD
NVD
added 2026/05/27 2:16 p.m.19 views

CVE-2026-36538

Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the root account is set to the trivially weak value root, allowing an attacker with access to the device to authenticate as root and gain full control of the underlying...

7.3CVSS0.00301EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 12:0 a.m.8 views

CVE-2026-36538

Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the root account is set to the trivially weak value root, allowing an attacker with access to the device to authenticate as root and gain full control of the underlying...

5.8AI score0.00301EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/26 6:6 a.m.63 views

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

7.8CVSS6AI score0.0138EPSS
Exploits6References7
RedHat Linux
RedHat Linux
added 2026/05/21 6:10 p.m.10 views

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

7.8CVSS6AI score0.0138EPSS
Exploits6References7
RedHat Linux
RedHat Linux
added 2026/05/21 12:41 p.m.8 views

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

7.8CVSS6AI score0.0138EPSS
Exploits6References7
RedHat Linux
RedHat Linux
added 2026/05/20 11:40 p.m.10 views

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

7.8CVSS5.8AI score0.0138EPSS
Exploits6References7
RedHat Linux
RedHat Linux
added 2026/05/20 1:35 p.m.15 views

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

7.8CVSS5.8AI score0.0138EPSS
Exploits6References7
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in sudo

In Sudo version 1.8.29, the fact that a user has been blocked for example, by using the “!” character in the shadow file instead of a password hash is not taken into consideration. This allows an attacker who has access to a Runas ALL sudoer account to impersonate any blocked user. NOTE: The...

7.5CVSS6.7AI score0.02831EPSS
Exploits0References2
Rows per page
Query Builder