4720 matches found
CVE-2025-66620
CVE-2025-66620 concerns Columbia Weather Systems MicroServer. Reports describe an unused webshell that allows unlimited login attempts and sudo rights on select files/directories. An attacker with admin access can gain a limited shell, enable persistence (reverse shells), and modify or remove fil...
Exploit for Out-of-bounds Write in Sudo_Project Sudo
Analysis of the CVE-2019-18634 https://www.exploit-db.com/explo...
CVE-2026-22536 PRIVILEGE ESCALATION VIA SUDO COMMAND
The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
CVE-2025-32463...
CVE-2019-12147
The Sangoma Session Border Controller SBC 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to login to th...
PT-2026-1859
Name of the Vulnerable Software and Affected Versions MicroServer affected versions not specified Description An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell...
linux-privesc-audit-toolkit
Linux Privilege Escalation Automation Toolkit...
Exploit for Deserialization of Untrusted Data in Apache Activemq
Broker Machine Pentesting Report Target & Overview - Mac...
CVE-2025-69257 theshit vulnerable to unsafe loading of user-owned Python rules when running as root.
theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from user-writable locations (e.g., ~/.config/theshit/) without validating ownership or permissions when...
CVE-2025-69257
CVE-2025-69257 (theshit) is a local privilege escalation vulnerability in the command-line tool that loads Python rules/configs from user-writable locations (e.g., ~/.config/theshit/) without validating ownership/permissions when executed with elevated privileges. If invoked with sudo or EUID=0, ...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
wget https://raw.github...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
📌 CVE-2025-32463 — Sudo --chroot Local Privilege Escalation...
Exploit for Incorrect Authorization in Sudo_Project Sudo
CVE-2025-32462 – Sudo Hostname Bypass Privilege Escalation...
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2025-2600)
The remote host is missing an update for the Huawei EulerOS... (SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2025-2565)
The remote host is missing an update for the Huawei EulerOS... (SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)
EulerOS Virtualization 2.13.1 : sudo (EulerOS-SA-2025-2565)
According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed user...
EulerOS Virtualization 2.13.0 : sudo (EulerOS-SA-2025-2600)
According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed user...
CVE-2025-34288
Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a...