CVE-2026-0757

MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability. This vulnerability allows remote attackers to bypass the sandbox on affected installations of MCP Manager for Claude Desktop. User interaction is required to exploit this vulnerability in that the targe...

EUVD-2015-3182

Malware in sbrugna...

firefox: thunderbird: Privilege escalation in Firefox Updater

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the...

firefox: thunderbird: Privilege escalation in Firefox Updater

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the...

firefox: thunderbird: Privilege escalation in Firefox Updater

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the...

firefox: thunderbird: Privilege escalation in Firefox Updater

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the...

firefox: thunderbird: Privilege escalation in Firefox Updater

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the...

CVE-2025-2817

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...

CVE-2025-2817

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...

Mozilla Firefox ESR < 115.23

The version of Firefox ESR installed on the remote Windows host is prior to 115.23. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-30 advisory. - A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allo...

Mozilla Firefox ESR < 128.10

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-29 advisory. - Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memo...

Exploit for Improper Authentication in Microsoft

PoC exploit for CVE-2024-49039, a vulnerability in Windows Task...

(Pwn2Own) Mozilla Firefox Exposed Dangerous Function Sandbox Escape Vulnerability

This vulnerability allows remote attackers to escape the sandbox on affected installations of Mozilla Firefox. An attacker must first obtain the ability to execute low-privileged code in the renderer process in order to exploit this vulnerability. The specific flaw exists within the SessionStore...

CVE-2023-42124

CVE-2023-42124 concerns Avast Premium Security. The flaw is in the sandbox feature’s implementation, caused by incorrect authorization, allowing a local attacker who can run low-privileged code to escalate privileges and execute arbitrary code outside the sandbox, at medium integrity and high imp...

CVE-2020-12615

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes...

CVE-2020-12615

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes...

PT-2023-11471 · Beyondtrust · Beyondtrust Privilege Management For Windows

Name of the Vulnerable Software and Affected Versions: BeyondTrust Privilege Management for Windows versions through 5.6 Description: An issue was discovered in BeyondTrust Privilege Management for Windows. When adding the Add Admin token to a process and specifying that it runs at medium integri...

SUSE CVE-2014-8442

Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to complete a transition from Low Integrity t...

SUSE CVE-2015-3101

The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143...

Microsoft Windows Privilege Escalation Vulnerability

A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity...