Tag: priv-esc

All items tagged priv-esc.

• UPDATE: DirtyClone Linux kernel LPE (CVE-2026-43503) now has a confirmed working exploit on default Debian/Fedora
  in 2026-06-30
• CVE-2026-20245 — Cisco Catalyst SD-WAN Manager: Mandiant reconstructs the full zero-day chain
  in 2026-W26
• CVE-2026-43503 (DirtyClone) and CVE-2026-46331 (pedit COW) — Linux kernel LPE with public weaponised PoCs
  in 2026-W26
• CVE-2026-58053 — Gitea `act_runner` Docker backend: container-hardening bypass to host escape (public PoC, ENISA-critical)
  in 2026-W26
• CVE-2026-58053 — Gitea `act_runner` Docker backend: container-hardening bypass to host escape (CVSS 9.4, public PoC)
  in 2026-06-28
• CVE-2026-43503 — Linux kernel "DirtyClone": page-cache corruption via XFRM/IPsec skb cloning (working PoC)
  in 2026-06-27
• CVE-2026-46331 — Linux kernel "pedit COW": out-of-bounds write in the tc act_pedit module (public weaponised PoC)
  in 2026-06-27
• UPDATE: Mandiant documents the full Cisco Catalyst SD-WAN exploitation chain — CSV-injection to a root backdoor
  in 2026-06-27
• UPDATE: Mandiant publishes the forensic reconstruction behind Cisco SD-WAN Manager CVE-2026-20245
  in 2026-06-26
• CVE-2026-54420 — LiteSpeed cPanel/WHM plugin: symlink-following on shared hosting, exploited (CISA KEV)
  in 2026-W25
• CVE-2026-20181 / CVE-2026-20190 — Cisco Identity Services Engine: unauthenticated credential read chaining to root command execution
  in 2026-W25
• CVE-2026-20181 / CVE-2026-20190 — Cisco Identity Services Engine: unauthenticated credential read chaining to authenticated root command execution
  in 2026-06-19
• UPDATE: Nightmare/Chaotic Eclipse zero-day wave — the Defender LPE now carries a CVE, a public PoC, and Microsoft's "Exploitation More Likely" rating, with no patch
  in 2026-06-19
• BSI flags 13 vulnerabilities patched in Zammad 7.1 — admin privilege escalation in a DACH public-sector helpdesk platform
  in 2026-06-18
• CVE-2026-54420 — LiteSpeed cPanel/WHM plugin: symlink-following on shared hosting, exploited in the wild (CISA KEV)
  in 2026-06-16
• Obsidian Security: a three-CVE chain turns any LiteLLM user into root on the AI gateway
  in 2026-06-16
• "RoguePlanet" Microsoft Defender zero-day: TOCTOU race in the scan engine yields a SYSTEM shell, no CVE, no patch
  in 2026-06-11
• CVE-2026-47344 et al. — TYPO3 core June release: 13 CVEs across every supported branch (10.4 ELTS → 14.3 LTS)
  in 2026-06-10
• Exodus Intelligence publishes working exploit for a one-character Linux kernel nf_tables use-after-free (CVE-2026-23111)
  in 2026-06-09
• CVE-2026-20245 — Cisco Catalyst SD-WAN Manager: no-patch zero-day chain confirmed to push malicious configs to edge devices
  in 2026-W23
• Keycloak 26.6.3 — 16 CVEs in the EU public sector's reference IAM, led by token-exchange privilege escalation and SSRF [SINGLE-SOURCE vendor advisory]
  in 2026-W23
• CVE-2026-20245 — Cisco Catalyst SD-WAN Manager: actively-exploited command-injection to root (no patch)
  in 2026-06-06
• CVE-2026-8206 + CVE-2026-8181 — Kirki and Burst Statistics WordPress plugins: unauthenticated account takeover under active mass-exploitation
  in 2026-06-04
• CVE-2026-20230 — Cisco Unified Communications Manager: unauthenticated SSRF to OS-root file write
  in 2026-06-04
• CVE-2025-48595 — Android Framework: actively-exploited integer-overflow privilege escalation
  in 2026-06-03
• CVE-2026-44939 (+ CVE-2026-41052, CVE-2026-41053) — SUSE Rancher: command injection on cluster import, PSA label privilege-escalation, GitHub-App over-inclusive team membership
  in 2026-05-29
• CVE-2026-44848 & CVE-2026-44849 — Portainer CE: Docker plugin endpoints unguarded; Swarm-service security checks bypassed (CVSS 9.4)
  in 2026-05-29
• CVE-2026-48172 — LiteSpeed User-End cPanel plugin: authenticated cPanel user to root via `lsws.redisAble`, actively exploited
  in 2026-05-24
• Atos TRC: "hardware-gated" Windows drivers can be made BYOVD-exploitable in software
  in 2026-05-24
• CVE-2026-42822 — Microsoft Azure Local Disconnected Operations (ALDO): CVSS 10.0 unauthenticated network elevation-of-privilege, "Exploitation More Likely"
  in 2026-05-21
• CVE-2026-41091 — Microsoft Defender Engine link-following EoP, actively exploited
  in 2026-05-20
• CVE-2026-31635 ("DirtyDecrypt") — Linux kernel RxGK page-cache write, public PoC; Fedora, Arch, openSUSE Tumbleweed affected
  in 2026-05-20
• Microsoft Defender Engine CVE-2026-41091 + CVE-2026-45498 — both confirmed exploited in the wild; out-of-band engine update is the fix
  in 2026-W21
• Windows "Chaotic Eclipse" zero-day proliferation — YellowKey, GreenPlasma, MiniPlasma
  in 2026-W21
• CVE-2026-42822 — Azure Local Disconnected Operations: CVSS 10.0 unauthenticated network elevation-of-privilege
  in 2026-W21
• CVE-2026-48172 — LiteSpeed User-End cPanel plugin: authenticated cPanel user to root, actively exploited
  in 2026-W21
• CVE-2026-41225 — F5 BIG-IP / BIG-IQ: iControl REST Manager-role authenticated RCE (CVSS 4.0 score 8.6 / CVSS 3.1 score 9.1) leading the May 2026 Quarterly Notification
  in 2026-05-17
• CVE-2026-44112 / CVE-2026-44113 / CVE-2026-44115 / CVE-2026-44118 — OpenClaw "Claw Chain": four chainable flaws in autonomous-agent platform enable sandbox escape → credential leak → privilege escalation → file disclosure
  in 2026-05-16