A critical double-free vulnerability has been discovered in the pipapo set module of the Linux kernel’s NFT subsystem. An unprivileged attacker can exploit this vulnerability by sending a specially crafted netlink message, triggering a double-free error with high stability. This can then be leveraged to achieve local privilege escalationץ
ISPConfig contains design flaws in the user creation and editing functionality, which allow a client user to escalate their privileges to superadmin. Additionally, the language modification feature enables arbitrary PHP code injection due to improper input validation.
Multiple vulnerabilities were discovered in Foscam X5. These vulnerabilities allow a remote attacker to trigger code execution vulnerabilities in the product.