Total: 7 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-36124 | 1 Ibm | 1 Websphere Application Server | 2025-08-14 | N/A | 7.5 HIGH |
IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration. | |||||
CVE-2025-49741 | 1 Microsoft | 1 Edge Chromium | 2025-07-08 | N/A | 7.5 HIGH |
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. | |||||
CVE-2025-20112 | | | 2025-05-21 | N/A | 5.1 MEDIUM |
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive permissions that have been assigned to system commands. An attacker could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of an affected device. To successfully exploit this vulnerability, an attacker would need administrative access to the ESXi hypervisor. | |||||
CVE-2025-32955 | | | 2025-04-21 | N/A | N/A |
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to `disable-sudo` bypass. Harden-Runner includes a policy option `disable-sudo` to prevent the GitHub Actions runner user from using sudo. This is implemented by removing the runner user from the sudoers file. However, this control can be bypassed as the runner user, being part of the docker group, can interact with the Docker daemon to launch privileged containers or access the host filesystem. This allows the attacker to regain root access or restore the sudoers file, effectively bypassing the restriction. This issue has been patched in version 2.12.0. | |||||
CVE-2023-5839 | 1 Hestiacp | 1 Control Panel | 2023-11-08 | N/A | 7.8 HIGH |
Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9. | |||||
CVE-2019-3844 | 3 Canonical, Netapp, Systemd Project | 7 Ubuntu Linux, Cn1610, Cn1610 Firmware and 4 more | 2023-11-07 | 4.6 MEDIUM | 7.8 HIGH |
It was discovered that a systemd service that uses the DynamicUser property can get new privileges through the execution of SUID binaries, which would allow the service to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled. | |||||
CVE-2023-0759 | 1 Agentejo | 1 Cockpit | 2023-02-16 | N/A | 8.8 HIGH |
Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8. |