CVE-2026-35535

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...

CVE-2026-35535

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...

CVE-2026-35535

CVE-2026-35535 affects Sudo up to 1.9.17p2, before the patch identified as 3e474c2. A failure in a setuid/setgid/setgroups call during privilege drop prior to invoking the mailer is not fatal and can lead to local privilege escalation. The vulnerability is restricted to local attackers with exist...

CVE-2026-35535

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...

Sudo 安全漏洞

Sudo is a program developed by the Sudo Project, open source, designed for use in Unix-like systems. It allows users to execute commands with special permissions in a secure manner. Versions of Sudo 1.9.17p2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the...

Exploit for Improper Handling of Exceptional Conditions in Sudo_Project Sudo

🐧 Linux Privilege Escalation Structured notes from the TCM...

CVE-2026-33765

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $POST'webtheme' parameter...

EUVD-2026-16781

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $POST'webtheme' parameter...

CVE-2026-33765

Summary: Pi-hole Admin Interface (web) prior to 6.0 contains a critical OS command injection in savesettings.php. The vulnerability arises from unsanitized user-controlled $_POST['webtheme'] being concatenated into a system command executed via PHP’s exec(), with the command running under sudo pr...

New Ghost Campaign Uses Fake npm Progress Bars to Phish Sudo Passwords

ReversingLabs researchers identify a new Ghost campaign using fake npm install logs and progress bars to phish for sudo passwords and steal crypto wallets from developers...

PT-2026-28535

Name of the Vulnerable Software and Affected Versions Pi-hole versions prior to 6.0 Description The Pi-hole Admin Interface, a web interface for managing the Pi-hole ad and internet tracker blocking application, contains an OS Command Injection issue in the savesettings.php file. The application...

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

CVE-2025-32463 The principle is fairly simple: the -R option i...

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is...

Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156 – Sudo Buffer Overflow Linux Baron Samedit...

Exploit for OS Command Injection in Nagios Nagios_Xi

Nagios-CVE-2019-15949-RCE-Poc a python PoC for the CVE-2019-15...

EulerOS Virtualization 2.12.1 : sudo (EulerOS-SA-2026-1465)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed user...

Ubuntu: Security Advisory (USN-8092-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2026-1522)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2026-1465)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.12.0 : sudo (EulerOS-SA-2026-1522)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed user...