CVE-2026-33765

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $POST'webtheme' parameter...

EUVD-2026-16781

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $POST'webtheme' parameter...

EUVD-2025-208368

A low‑privileged local attacker who gains access to the UBR service account e.g., via SSH can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries e.g., tcpdump and ip with sudo...

CVE-2025-41761

A low‑privileged local attacker who gains access to the UBR service account e.g., via SSH can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries e.g., tcpdump and ip with sudo...

PT-2026-24031

Name of the Vulnerable Software and Affected Versions UBR affected versions not specified Description A local attacker with limited privileges who gains access to the UBR service account, for example through SSH, can escalate their privileges to achieve full system access. This is possible becaus...

Signal K set-system-time plugin vulnerable to RCE - Command Injection

Summary A Command Injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated users can also exploit this vulnerability if security is disabled on the Signal K...

GHSA-P8GP-2W28-MHWG Signal K set-system-time plugin vulnerable to RCE - Command Injection

Summary A Command Injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated users can also exploit this vulnerability if security is disabled on the Signal K...

CVE-2022-50927 Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation

Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to overly permissive sudo privileges for the admin user and admin group. Attackers can exploit the default user configuration to gain root access by manipulating system binaries and leveraging unrestricte...

PT-2026-2403

Name of the Vulnerable Software and Affected Versions Cyclades Serial Console Server version 3.3.0 Description The Cyclades Serial Console Server has a local privilege escalation issue. The problem stems from overly permissive sudo privileges granted to the admin user and admin group. An attacker...

CVE-2019-12147

The Sangoma Session Border Controller SBC 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to login to th...

EUVD-2020-6319

Malware in sbrugna...

EUVD-2020-5918

Malware in sbrugna...

CVE-2024-45173

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo...

CVE-2020-13695

In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/.db or /etc/shadow file...

sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others

Summary Users with limited sudo privileges e.g. execution of a single command can list sudo privileges of other users using the -U flag. This doesn't happen with the original sudo. PoC The initial test has been done in a container running Ubuntu 24.04 and installing oxidizr, running sudo-rs 0.2.2...

CVE-2025-46718

Summary: CVE-2025-46718 affects the Rust implementation of sudo-rs prior to 0.2.6. A limited sudo privilege (e.g., allowing a single command) can be exploited to enumerate the sudoers file using the -U flag, exposing sensitive information about other users’ permissions. This is a local attack wit...

CVE-2024-24821

Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local...

CVE-2024-45173

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo...

CVE-2024-45173

The CVE-2024-45173 vulnerability affects za-internet C-MOR Video Surveillance (versions 5.2401 and 6.00PL01 per the various sources). It stems from improper privilege management of sudo privileges, allowing the web interface user (www-data) to execute certain OS commands as root without a root pa...

CVE-2024-45173

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo...