PT-2026-28535

Name of the Vulnerable Software and Affected Versions Pi-hole versions prior to 6.0 Description The Pi-hole Admin Interface, a web interface for managing the Pi-hole ad and internet tracker blocking application, contains an OS Command Injection issue in the savesettings.php file. The application...

CVE-2025-41761 Privilege escalation possible

A low‑privileged local attacker who gains access to the UBR service account e.g., via SSH can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries e.g., tcpdump and ip with sudo...

CVE-2025-66620

An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the fil...

CVE-2025-32955

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to disable-sudo bypass. Harden-Runner includes a policy option disable-sudo to prevent the GitHub Actions runner user from using sudo. This is implemente...

CVE-2025-26701

An issue was discovered in Percona PMM Server OVA before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and 2.44.0-1.ova and in PMM3...

PT-2024-27527 · Fprintd · Fprintd

Name of the Vulnerable Software and Affected Versions: fprintd versions 1.94.3 and earlier Description: The issue is related to the lack of a security attention mechanism in fprintd, which may lead to unexpected actions being authorized by auth sufficient pam fprintd.so for Sudo. This could...

sudo-rs Session File Relative Path Traversal vulnerability

Background Sudo-rs allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting...

CVE-2023-42456

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...

PT-2023-16898 · Unknown +2 · Apport-Cli +2

Name of the Vulnerable Software and Affected Versions: apport-cli versions 2.26.0 and earlier Description: A privilege escalation attack was found, similar to a known issue, which can be exploited by a local attacker if the system is specially configured. This configuration includes allowing...

CVE-2022-40297

UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated...

CVE-2022-2104 Secheron SEPCOS Control and Protection Relay

The www-data Apache web server account is configured to run sudo with no password for many commands including /bin/sh and /bin/bash...

Exploit for Incorrect Authorization in Polkit_Project Polkit

Polkit D-Bus Authentication Bypass Exploit A vulnerability...

Polkit D-Bus Authentication Bypass Exploit

A vulnerability exists within the polkit system service that can be leveraged by a local, unprivileged attacker to perform privileged operations. In order to leverage the vulnerability, the attacker invokes a method over D-Bus and kills the client process. This will occasionally cause the operati...

Polkit D-Bus Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' class MetasploitModule 'Polkit D-Bus Authentication Bypass', 'Description' = %q A vulnerability exists within the polkit system service that can be...

ECSIMAGING PACS 6.21.5 - Remote code execution

Exploit Title: ECSIMAGING PACS 6.21.5 - Remote code execution Date: 06/01/2021 Exploit Author: shoxxdj Vendor Homepage: https://www.medicalexpo.fr/ Version: 6.21.5 and bellow tested on 6.21.5,6.21.3 Tested on: Linux ECSIMAGING PACS Application in 6.21.5 and bellow suffers from a OS Injection...

GHSA-RGGQ-F2WF-M6CP Malicious Package in jajajejejiji

All versions of jajajejejiji typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...

Security Bulletin: IBM Sterling Connect:Direct for UNIX Allows a User with Sudo Access Restricted to Certain Connect:Direct Executable Files to Expand Access Beyond the Restriction (CVE-2018-1903)

Summary UNIX system administrators may grant access to run certain executable files with expanded privilege via the sudo utility. Connect:Direct for UNIX has a vulnerability that could allow a user to escape this sudo executable file restriction and perform unauthorized commands with expanded...

CVE-2020-10286

the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible files, encryption, or issue orders that disrupt robot operation...

sudo: by using ! character in the shadow file instead of a password hash can access to a run as all sudoer account

When an account is disabled via the shadow file, by replacing the password hash with "!", it is not considered disabled by sudo. And depending on the configuration, sudo can be run by using such disabled account...

CVE-2019-19234

When an account is disabled via the shadow file, by replacing the password hash with "!", it is not considered disabled by sudo. And depending on the configuration, sudo can be run by using such disabled account. Mitigation This flaw basically allows users which have disabled account in /etc/shad...