Local privilege escalation in IBM Netezza Performance Server Replication Services (versions 3.0.2.0 through 3.0.5.0) allows an already-authenticated, low-privileged user on the appliance to gain full root control. By abusing the over-privileged Replication Services component, the attacker can execute root-level commands, spawn a root shell, reset the root password, alter or delete system-wide files, and plant persistent backdoors, resulting in complete loss of confidentiality, integrity, and availability. There is no public exploit identified at time of analysis, and no EPSS score was supplied in the source data, so the issue currently reflects vendor-reported risk rather than observed exploitation.
Privilege escalation in Fission serverless platform versions through 1.22.0 allows function authors to read every Kubernetes Secret and ConfigMap in their function's namespace by abusing the fission-fetcher ServiceAccount token that is automounted into the user function container alongside the fetcher sidecar. The flaw violates the Function.spec.secrets allowlist contract and exposes TLS keys, OIDC client secrets, database credentials, and cloud provider credentials to any tenant who can deploy or update a Function. No public exploit identified at time of analysis, but exploitation is trivial for anyone with function-deploy rights.
Local privilege escalation in Broadcom Automic Automation Agent versions prior to 24.4.4 HF1 allows authenticated low-privileged users on Unix-family systems (Linux x64, Linux Power 64 BE/LE, zLinux, AIX, Solaris x64, Solaris Sparc 64) to abuse the agent's elevated privileges and target programs running with higher rights. The CVSS 4.0 score of 8.5 reflects high confidentiality, integrity, and availability impact achievable from a local foothold, with no public exploit identified at time of analysis.
Configuration manipulation in F5 BIG-IP and BIG-IQ Certificate Manager allows authenticated attackers with high privileges to execute arbitrary commands with scope change. Attackers holding Certificate Manager role credentials can modify configuration objects to run system commands, escalating from administrative interface access to underlying system control. CVSS 8.7 reflects the scope change (S:C) enabling broader impact than typical privileged command injection. No public exploit identified at time of analysis. F5 has released vendor patches per K000160972.
Authenticated administrators with Resource Administrator or Administrator role can execute arbitrary system commands with elevated privileges in F5 BIG-IP scripted monitors, potentially crossing security boundaries in appliance mode deployments. The vulnerability requires high privilege level and network access but allows complete command execution with no user interaction, affecting confidentiality and integrity.
Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.
Local privilege escalation in Dell PowerScale InsightIQ versions 5.0.0 through 6.2.0 allows high-privileged attackers to execute code with unnecessary elevated privileges, potentially escalating to full system compromise. The vulnerability requires existing local access and high privilege level on the affected system; no public exploit has been identified at time of analysis.
Privilege escalation and OS command execution in CloudNativePG (CNPG) versions prior to 1.28.3 and 1.29.1 allow low-privileged PostgreSQL roles to gain superuser access and execute arbitrary commands inside the primary database pod. The metrics exporter connects as the postgres superuser and only demotes via SET ROLE, leaving session_user as superuser; an attacker who owns a database (including the default `app` role) can shadow unqualified identifiers like `current_database()` referenced in the stock `default-monitoring.yaml`, triggering the chain on the next scrape (≤30s). No public exploit identified at time of analysis, but the vulnerability is highly impactful (CVSS 9.4) and affects default deployments without custom metrics.
Privilege escalation in OpenC3 COSMOS allows low-privileged authenticated users to bypass API authorization and perform administrative actions by executing crafted Python or Ruby scripts via the Script Runner widget. Attackers can directly access the Redis database (exposing secrets and configuration settings) and the MinIO buckets service (containing logs, configs, and plugins) due to unrestricted container-to-container network access in the Docker deployment. A vendor-released patch is available in version 7.0.0-rc3 and confirmed in the 7.0.0 stable release. EPSS data not available; no CISA KEV listing indicates targeted rather than widespread exploitation. CVSS 9.6 (Critical) with scope change reflects the container escape-like privilege boundary violation.
mpGabinet 23.12.19 and earlier suffers from privilege escalation due to excessive database privileges assigned to the application service account. An attacker with local access who extracts database credentials from the application process memory gains administrative database access, enabling unauthorized actions beyond what the application interface permits. CVSS 6.9 indicates high confidentiality impact from local access without authentication; no active exploitation confirmed in CISA KEV at time of analysis.