PT-2025-3895 · Libretro · Retroarch

Name of the Vulnerable Software and Affected Versions: libretro RetroArch versions up to 1.19.1 Description: A problematic issue has been found in the library profapi.dll of the component Startup, leading to an untrusted search path. The manipulation requires a local attack approach. The vendor w...

CVE-2025-0396

A vulnerability, which was classified as critical, has been found in exelban stats up to 2.11.21. This issue affects the function shouldAcceptNewConnection of the component XPC Service. The manipulation leads to command injection. It is possible to launch the attack on the local host. Upgrading t...

Ubuntu needrestart Privilege Escalation

Local attackers can execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable. Verified against Ubuntu 22.04 with needrestart 3.5-5ubuntu2.1 Attempted exploitation against Debian 12, expliotation failed...

CVE-2024-13206 REVE Antivirus reveinstall default permission

A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. This affects an unknown part of the file /usr/local/reveantivirus/tmp/reveinstall. The manipulation leads to incorrect default permissions. It is possible to launch the attack on the local host. The exploit...

CVE-2024-13188

A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to incorrect default permissions. The attack...

CVE-2024-13188 MicroWorld eScan Antivirus Installation var default permission

A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to incorrect default permissions. The attack...

CVE-2024-13188 MicroWorld eScan Antivirus Installation var default permission

A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to incorrect default permissions. The attack...

CVE-2024-13188

CVE-2024-13188 affects MicroWorld eScan Antivirus 7.0.32 on Linux. The vulnerability stems from incorrect default permissions in the Installation Handler’s /opt/MicroWorld/var/ directory, enabling local access to manipulate permissions. Exploitation has been publicly disclosed. Remediation detail...

Trend Micro Deep Security Agent Incorrect Permissions Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Subsequent user interaction on the...

Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

CVE-2024-47398

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the device is unable to boot up through out-of-bounds write...

PT-2025-2272 · V6 Da · V6 Da

Name of the Vulnerable Software and Affected Versions: V6 DA versions affected versions not specified Description: The issue is related to a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the...

CVE-2025-0222

A vulnerability was found in IObit Protected Folder up to 13.6.0.5 and classified as problematic. This issue affects the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be...

CVE-2025-0222

A vulnerability was found in IObit Protected Folder up to 13.6.0.5 and classified as problematic. This issue affects the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be...

CVE-2025-0222 IObit Protected Folder IOCTL IUProcessFilter.sys 0x8001E004 null pointer dereference

A vulnerability was found in IObit Protected Folder up to 13.6.0.5 and classified as problematic. This issue affects the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be...

CVE-2025-0222

CVE-2025-0222 affects IObit Protected Folder up to v13.6.0.5. The vulnerability lies in the IOCTL Handler, specifically the function 0x8001E000/0x8001E004 in IUProcessFilter.sys, causing a local null pointer dereference. An exploit has been publicized and requires local access to trigger. Multipl...

CVE-2025-0221

A vulnerability has been found in IOBit Protected Folder up to 1.3.0 and classified as problematic. This vulnerability affects the function 0x22200c in the library pffilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. The attack needs to be approached...

PT-2025-16201 · Assimp +1 · Assimp +1

Name of the Vulnerable Software and Affected Versions: Open Asset Import Library Assimp version 5.4.3 Description: A critical issue was found in the Open Asset Import Library Assimp, affecting the Assimp::MD3Importer::ValidateSurfaceHeaderOffsets function of the MD3Loader.cpp file in the File...

PT-2025-26568 · Sparklemotion +1 · Nokogiri +1

Name of the Vulnerable Software and Affected Versions: sparklemotion nokogiri versions up to 1.18.7 Description: A problem was found in the function hashmap set with hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached...

CVE-2024-55632

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...