Lucene search
+L

4 matches found

osv
osv
added 2026/07/07 6:19 p.m.8 views

CVE-2026-59800 9Router < 0.4.44 - OS Command Injection via sudoPassword Parameter in Tailscale Install Endpoint

9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint this route is not covered by the dashboard middleware matcher, so no authorization check is applied. The sudoPassword field from the request body is written to t...

9.2CVSS6.3AI score0.01372EPSS
Exploits0References5
cvelist
cvelist
added 2025/08/25 4:22 p.m.11 views

CVE-2025-57760 Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation

Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in...

8.8CVSS0.00433EPSS
Exploits0References3
osv
osv
added 2019/11/04 7:15 p.m.6 views

DEBIAN-CVE-2005-4890

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process...

7.8CVSS7.2AI score0.00635EPSS
Exploits2References1
osv
osv
added 2017/05/05 7:12 a.m.2 views

USN-3276-1 shadow vulnerabilities

Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. CVE-2016-6252 Tobias Stöckmann discovered a race condition in su. A local attacker could cause su to send SIGKILL to other...

7.8CVSS6.3AI score0.00409EPSS
Exploits0References3
Rows per page
Query Builder