PT-2026-49201

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and...

PT-2026-49285

Name of the Vulnerable Software and Affected Versions Microvirt MEmu Android Emulator version 9.2.7.0 Description A flaw in the MemuService.exe component allows a local attacker to perform a Windows Service Hijacking attack, leading to local privilege escalation to SYSTEM level. Recommendations A...

PT-2026-49190

Name of the Vulnerable Software and Affected Versions Ricoh Company, Ltd. printer drivers affected versions not specified KONICA MINOLTA JAPAN, INC. printer drivers affected versions not specified Description Multiple printer drivers contain a flaw that allows a user who has already logged into a...

PT-2026-49403

Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...

PT-2026-49501

Unauthenticated Privilege Escalation in Listdom = 5.5.0 versions...

CVE-2026-36213

The vulnerability CVE-2026-36213 affects Microvirt MEmu Android Emulator (Windows) up to version 9.2.7.0, in the MemuService.exe component. The issue enables local privilege escalation because the MemuSVC service runs with SYSTEM-level privileges while its binary is writable by a local user, allo...

PT-2026-49178

Name of the Vulnerable Software and Affected Versions DVDFab Virtual Drive version 2.0.0.5 Description Improper privilege management exists within the Signed Kernel Driver component, specifically affecting a function in the dvdfabio.sys library. This issue allows a local attacker to manipulate th...

PT-2026-49222

WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScrip...

VulnCheck KEV: CVE-2026-39813

A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via specially crafted HTTP requests...

PT-2026-49492

Name of the Vulnerable Software and Affected Versions Amelia versions prior to 2.4 Description A privilege escalation issue exists where users with Subscriber roles can gain higher privileges. Recommendations Update to a version later than 2.3...

UBUNTU-CVE-2026-8632

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection...

lab-purple-team

Lab Purple Team - Active Directory !screenshots/wazuhsecu...

Exploit for Improper Encoding or Escaping of Output in Cisco Catalyst_Sd-Wan_Manager

🚨 CVE-2026-20245 - Cisco Catalyst SD-WAN Manager Privilege Esc...

openSUSE 16 Security Update : mariadb (openSUSE-SU-2026:20933-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20933-1 advisory. This update for mariadb fixes the following issues Update to 11.8.8: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. -...

openSUSE 16 Security Update : grafana (openSUSE-SU-2026:20940-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20940-1 advisory. Changes in grafana: - CVE-2026-39821: Fix validation bypass and privilege escalation by updating golang.org/x/net to version 0.55.0 bsc1266600 -...

pac-exploits-priv

CVE-2021-4034 PoC for PwnKit: Local Privilege Escalation Vulne...

kit-exploits-prv

Information Exploit Title: Local Privilege Escalation i...

CVE-2026-1291

CVE-2026-1291 concerns the Meow Gallery WordPress plugin. A missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/save_shortcode allows authenticated users with Author-level access or higher to arbitrarily create or overwrite gallery shortcode records by supplying a user-cont...

CVE-2026-11769

We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...

CVE-2026-11769 Operator - Namespaced User Path Traversal

We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templatin...