
82 matches found

RedhatCVE
added 2026/03/28 11:09 p.m., 2 views

CVE-2026-33765

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $_POST['webtheme'] parameter...

CVSS 9.3, AI score 6, EPSS 0.00248
Exploits 0, References 1

EUVD
added 2026/03/27 7:46 p.m., 3 views

EUVD-2026-16781

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $_POST['webtheme'] parameter...

CVSS 9.3, AI score 6, EPSS 0.00248
Exploits 0, References 1

CVE
added 2026/03/27 7:46 p.m., 5 views

CVE-2026-33765

Summary: Pi-hole Admin Interface (web) prior to 6.0 contains a critical OS command injection in savesettings.php. The vulnerability arises from unsanitized user-controlled $_POST['webtheme'] being concatenated into a system command executed via PHP’s exec(), with the command running under sudo pr...

CVSS 9.8, AI score 6, EPSS 0.00248
Exploits 0, References 1, Affected Software 1

EUVD
added 2026/03/09 9:30 a.m., 3 views

EUVD-2025-208368

A low‑privileged local attacker who gains access to the UBR service account, e.g., via SSH, can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries, e.g., tcpdump and ip, with sudo...

CVSS 7.8, AI score 5.9, EPSS 0.00011
Exploits 0, References 2

NVD
added 2026/03/09 9:16 a.m., 3 views

CVE-2025-41761

A low‑privileged local attacker who gains access to the UBR service account, e.g., via SSH, can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries, e.g., tcpdump and ip, with sudo...

CVSS 7.8, EPSS 0.00011
Exploits 0, References 1

Positive Technologies
added 2026/03/09 12:00 a.m., 5 views

PT-2026-24031

Name of the Vulnerable Software and Affected Versions: UBR (affected versions not specified). Description: A local attacker with limited privileges who gains access to the UBR service account, for example through SSH, can escalate their privileges to achieve full system access. This is possible becaus...

CVSS 7.8, AI score 5.9, EPSS 0.00011
Exploits 0, References 6

GithubExploit
added 2026/02/23 10:50 p.m., 123 views

Wing-FTP-Privilege-Escalation-Tar-Extraction-Exploit

Wing-FTP-Privilege-Escalation-Tar-Extraction-Exploit This...

AI score 5.5
Exploits 0

OSV
added 2026/02/02 6:10 p.m., 4 views

GHSA-P8GP-2W28-MHWG Signal K set-system-time plugin vulnerable to RCE - Command Injection

Summary: A Command Injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated users can also exploit this vulnerability if security is disabled on the Signal K...

CVSS 9.9, AI score 6.4, EPSS 0.10598
Exploits 1, References 4

Github Security Blog
added 2026/02/02 6:10 p.m., 6 views

Signal K set-system-time plugin vulnerable to RCE - Command Injection

Summary: A Command Injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated users can also exploit this vulnerability if security is disabled on the Signal K...

CVSS 9.9, AI score 6.4, EPSS 0.10598
Exploits 1, References 4, Affected Software 1

RedhatCVE
added 2026/01/14 11:19 p.m., 2 views

CVE-2022-50927

Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to overly permissive sudo privileges for the admin user and admin group. Attackers can exploit the default user configuration to gain root access by manipulating system binaries and leveraging unrestricte...

CVSS 8.5, AI score 7.1, EPSS 0.00021
Exploits 0, References 1

NVD
added 2026/01/13 11:15 p.m., 2 views

CVE-2022-50927

Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to overly permissive sudo privileges for the admin user and admin group. Attackers can exploit the default user configuration to gain root access by manipulating system binaries and leveraging unrestricte...

CVSS 8.5, EPSS 0.00021
Exploits 0, References 3

Cvelist
added 2026/01/13 10:51 p.m., 20 views

CVE-2022-50927 Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation

Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to overly permissive sudo privileges for the admin user and admin group. Attackers can exploit the default user configuration to gain root access by manipulating system binaries and leveraging unrestricte...

CVSS 8.5, EPSS 0.00021
Exploits 0, References 3

Vulnrichment
added 2026/01/13 10:51 p.m., 1 view

CVE-2022-50927 Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation

Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to overly permissive sudo privileges for the admin user and admin group. Attackers can exploit the default user configuration to gain root access by manipulating system binaries and leveraging unrestricte...

CVSS 8.5, AI score 6.8, EPSS 0.00021
Exploits 0, References 3

Positive Technologies
added 2026/01/13 12:00 a.m., 2 views

PT-2026-2403

Name of the Vulnerable Software and Affected Versions: Cyclades Serial Console Server version 3.3.0. Description: The Cyclades Serial Console Server has a local privilege escalation issue. The problem stems from overly permissive sudo privileges granted to the admin user and admin group. An attacker...

CVSS 8.5, AI score 6.7, EPSS 0.00021
Exploits 0, References 5

CNNVD
added 2026/01/13 12:00 a.m., 2 views

Cyclades Serial Console Server security vulnerability

Cyclades Serial Console Server is a serial console server appliance from Cyclades USA. A security vulnerability exists in Cyclades Serial Console Server version 3.3.0, which stems from overly lax sudo privileges that could lead to local elevation of privilege...

CVSS 8.5, AI score 5.8, EPSS 0.00021
Exploits 0, References 4

RedhatCVE
added 2026/01/09 9:35 a.m., 5 views

CVE-2024-41637

RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands without a password...

CVSS 8.3, AI score 7.6, EPSS 0.00262
Exploits 0, References 1

RedhatCVE
added 2026/01/07 9:29 a.m., 5 views

CVE-2019-12147

The Sangoma Session Border Controller SBC 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to login to th...

CVSS 9.8, AI score 7.3, EPSS 0.02155
Exploits 3, References 1

EUVD
added 2025/11/26 6:31 p.m., 2 views

EUVD-2025-199734

Insecure permissions in fail2ban-client v0.11.2 allow attackers with limited sudo privileges to perform arbitrary operations as root...

AI score 6.5, EPSS 0.00095
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-10931

Malware in sbrugna...

CVSS 9, AI score 7, EPSS 0.00373
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-5918

Malware in sbrugna...

CVSS 9, AI score 7.5, EPSS 0.39175
Exploits 8, References 2