Lucene search
K

79 matches found

NVD
NVD
added 2026/03/05 3:16 p.m.14 views

CVE-2026-27750

Avira Internet Security contains a time-of-check time-of-use TOCTOU vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a separate cleanup phase without revalidating the target...

7.8CVSS0.00102EPSS
Exploits0References3
OSV
OSV
added 2026/03/05 3:16 p.m.6 views

CVE-2026-27750

Avira Internet Security contains a time-of-check time-of-use TOCTOU vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a separate cleanup phase without revalidating the target...

7CVSS5.8AI score0.00102EPSS
Exploits0References4
NVD
NVD
added 2026/03/05 3:16 p.m.9 views

CVE-2026-27748

Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\ProgramData without validating whether the path resolves through a symbolic link or reparse point...

7.8CVSS0.00179EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 8:35 a.m.10 views

CVE-2020-10143

Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriat...

7.8CVSS7.5AI score0.00592EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/20 9:30 p.m.5 views

EUVD-2025-204643

Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating...

8.5CVSS6.5AI score0.00095EPSS
Exploits0References3
CVE
CVE
added 2025/12/20 8:1 p.m.13 views

CVE-2025-34290

Versa SASE Client for Windows versions 7.8.7–7.9.4 contain a local privilege escalation in the audit log export feature. The client passes user-controlled file paths to a privileged service, which performs file-system operations without impersonating the requesting user. A TOCTOU race condition c...

8.5CVSS6.6AI score0.00095EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/20 8:1 p.m.4 views

CVE-2025-34290 Versa SASE Client for Windows < 7.9.5 Arbitrary Folder Deletion Leading to Local Privilege Escalation

Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating...

8.5CVSS6.6AI score0.00095EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/20 8:1 p.m.22 views

CVE-2025-34290 Versa SASE Client for Windows < 7.9.5 Arbitrary Folder Deletion Leading to Local Privilege Escalation

Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating...

8.5CVSS0.00095EPSS
Exploits0References2
NVD
NVD
added 2025/12/18 9:15 p.m.6 views

CVE-2025-13911

The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting environment. The core issu...

7.3CVSS0.00221EPSS
Exploits0References3
OSV
OSV
added 2025/12/03 5:15 p.m.5 views

CVE-2025-65842

The Aquarius HelperTool 1.0.003 privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights...

5.1CVSS6AI score0.00146EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/03 2:2 p.m.6 views

CVE-2025-58482

Improper access control in MPLocalService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service...

7.3CVSS6.5AI score0.00096EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/03 2:2 p.m.7 views

CVE-2025-58481

Improper access control in MPRemoteService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service...

7.8CVSS6.5AI score0.00095EPSS
Exploits0References1
NVD
NVD
added 2025/12/02 2:15 a.m.5 views

CVE-2025-58482

Improper access control in MPLocalService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service...

7.3CVSS0.00096EPSS
Exploits0References1
NVD
NVD
added 2025/12/02 2:15 a.m.5 views

CVE-2025-58481

Improper access control in MPRemoteService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service...

7.8CVSS0.00095EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/02 1:24 a.m.7 views

EUVD-2025-200136

Improper access control in MPLocalService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service...

7.3CVSS6AI score0.00096EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/02 1:24 a.m.6 views

EUVD-2025-200137

Improper access control in MPRemoteService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service...

7.3CVSS6AI score0.00095EPSS
Exploits0References2
CVE
CVE
added 2025/12/02 1:24 a.m.16 views

CVE-2025-58481

CVE-2025-58481 affects Samsung MotionPhoto/Motion Photo feature with MPRemoteService prior to v4.1.51. The vulnerability arises from improper access control in MPRemoteService, allowing a local attacker with low privileges to start a privileged service. The CVE is documented across multiple feeds...

7.8CVSS6.1AI score0.00095EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.5 views

PT-2025-48599

Improper access control in MPRemoteService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service...

7.3CVSS6.5AI score0.00095EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.5 views

PT-2025-48600

Name of the Vulnerable Software and Affected Versions MotionPhoto versions prior to 4.1.51 Description An improper access control issue exists in the MPLocalService component of MotionPhoto. This allows local attackers to initiate a privileged service. Recommendations Update MotionPhoto to versio...

7.3CVSS6.2AI score0.00096EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/02 12:0 a.m.7 views

SAMSUNG MotionPhoto 安全漏洞

SAMSUNG MotionPhoto is a camera feature from Samsung South Korea. A security vulnerability exists in SAMSUNG MotionPhoto versions prior to 4.1.51 that stems from improper access control of the MPRemoteService, which could allow a local attacker to launch a privileged service...

7.8CVSS6.3AI score0.00095EPSS
Exploits0References2
Rows per page
Query Builder