EUVD-2025-209526

STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabli...

CVE-2025-70795

STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabli...

CVE-2025-70795

STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabli...

Safetica Application 安全漏洞

Safetica Application is a corporate data leakage prevention and endpoint behavior control software developed by Safetica, Inc. Version 11.11.4.0 of Safetica Application contains a security vulnerability. This vulnerability stems from insufficient validation during the call to the driver’s IOCTL...

Exploit for CVE-2023-52271

Disclaimer: This repository contains code that is provided stric...

EUVD-2025-206286

NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL requests to the driver...

CVE-2025-68947

NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL requests to the driver...

NSecKrnl driver terminates system processes with crafted IOCTL requests

RISK EVALUATION NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL requests to the driver. 2. RECOMMENDED PRACTICES Enable the Windows Vulnerable Driver...

PT-2026-2558

Name of the Vulnerable Software and Affected Versions NSecsoft NSecKrnl versions prior to January 2026 Description The NSecKrnl Windows driver contains a flaw that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes. This is...

EUVD-2025-27555

Malicious code in bioql PyPI...

EUVD-2023-56944

Malicious code in bioql PyPI...

CVE-2025-52915

K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabli...

VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation Exploit

Exploit for windows platform in category local exploits VirtualBox: COM RPC Interface Code Injection Host EoP Platform: VirtualBox 6.0.4 r128413 x64 on Windows 10 1809 Class: Elevation of Privilege Summary: The hardened VirtualBox process on a Windows host doesn’t secure its COM interface leading...

Injecting Code into Windows Protected Processes using COM - Part 2

Posted by James Forshaw, Project Zero In my previous blog I discussed a technique which combined numerous issues I’ve previously reported to Microsoft to inject arbitrary code into a PPL-WindowsTCB process. The techniques presented don’t work for exploiting the older, stronger Protected Processes...

Injecting Code into Windows Protected Processes using COM - Part 1

Posted by James Forshaw, Google Project Zero At Recon Montreal 2018 I presented “Unknown Known DLLs and other Code Integrity Trust Violations” with Alex Ionescu. We described the implementation of Microsoft Windows’ Code Integrity mechanisms and how Microsoft implemented Protected Processes PP. A...

CVE-2017-6186

Code injection vulnerability in Bitdefender Total Security 12.0 and earlier, Internet Security 12.0 and earlier, and Antivirus Plus 12.0 and earlier allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a...

CVE-2017-5567

Code injection vulnerability in Avast Premier 12.3 and earlier, Internet Security 12.3 and earlier, Pro Antivirus 12.3 and earlier, and Free Antivirus 12.3 and earlier allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process...