79 matches found
CVE-2026-27750
Avira Internet Security contains a time-of-check time-of-use TOCTOU vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a separate cleanup phase without revalidating the target...
CVE-2026-27750
Avira Internet Security contains a time-of-check time-of-use TOCTOU vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a separate cleanup phase without revalidating the target...
CVE-2026-27748
Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\ProgramData without validating whether the path resolves through a symbolic link or reparse point...
CVE-2020-10143
Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriat...
EUVD-2025-204643
Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating...
CVE-2025-34290
Versa SASE Client for Windows versions 7.8.7–7.9.4 contain a local privilege escalation in the audit log export feature. The client passes user-controlled file paths to a privileged service, which performs file-system operations without impersonating the requesting user. A TOCTOU race condition c...
CVE-2025-34290 Versa SASE Client for Windows < 7.9.5 Arbitrary Folder Deletion Leading to Local Privilege Escalation
Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating...
CVE-2025-34290 Versa SASE Client for Windows < 7.9.5 Arbitrary Folder Deletion Leading to Local Privilege Escalation
Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating...
CVE-2025-13911
The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting environment. The core issu...
CVE-2025-65842
The Aquarius HelperTool 1.0.003 privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights...
CVE-2025-58482
Improper access control in MPLocalService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service...
CVE-2025-58481
Improper access control in MPRemoteService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service...
CVE-2025-58482
Improper access control in MPLocalService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service...
CVE-2025-58481
Improper access control in MPRemoteService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service...
EUVD-2025-200136
Improper access control in MPLocalService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service...
EUVD-2025-200137
Improper access control in MPRemoteService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service...
CVE-2025-58481
CVE-2025-58481 affects Samsung MotionPhoto/Motion Photo feature with MPRemoteService prior to v4.1.51. The vulnerability arises from improper access control in MPRemoteService, allowing a local attacker with low privileges to start a privileged service. The CVE is documented across multiple feeds...
PT-2025-48599
Improper access control in MPRemoteService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service...
PT-2025-48600
Name of the Vulnerable Software and Affected Versions MotionPhoto versions prior to 4.1.51 Description An improper access control issue exists in the MPLocalService component of MotionPhoto. This allows local attackers to initiate a privileged service. Recommendations Update MotionPhoto to versio...
SAMSUNG MotionPhoto 安全漏洞
SAMSUNG MotionPhoto is a camera feature from Samsung South Korea. A security vulnerability exists in SAMSUNG MotionPhoto versions prior to 4.1.51 that stems from improper access control of the MPRemoteService, which could allow a local attacker to launch a privileged service...