Lucene search
K

835 matches found

CVE
CVE
added 2025/12/23 9:17 p.m.12 views

CVE-2025-14491

CVE-2025-14491 affects RealDefense SUPERAntiSpyware. The issue resides in the SAS Core Service and is caused by an exposed dangerous function, enabling a local attacker who can run low-privileged code to escalate privileges to SYSTEM and execute arbitrary code. The vulnerability is tied to ZDI ad...

7.8CVSS7.8AI score0.00171EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/19 9:5 p.m.23 views

CVE-2023-53947 OCS Inventory NG 2.3.0.0 Unquoted Service Path Privilege Escalation

OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges...

8.5CVSS0.00135EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/19 9:5 p.m.6 views

EUVD-2025-204595

OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges...

8.5CVSS6.8AI score0.00135EPSS
Exploits0References4
CVE
CVE
added 2025/12/19 9:5 p.m.12 views

CVE-2023-53946

Affected software: Arcsoft PhotoStudio 6.0.0.172. Vulnerability: unquoted service path in the ArcSoft Exchange Service that can be exploited by local attackers to escalate privileges by placing a malicious executable in the unquoted path, triggering code execution with system-level permissions. I...

8.5CVSS7.4AI score0.00135EPSS
Exploits0References3
Zero Day Initiative
Zero Day Initiative
added 2025/12/09 12:0 a.m.6 views

Microsoft Windows win32kbase Out-Of-Bounds Access Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kbase...

8.8CVSS7.3AI score0.00663EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/02 2:34 a.m.11 views

CVE-2025-20774

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4796...

0.00074EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/11/30 12:0 a.m.5 views

Logic Encryption: This Time for Real

Modern circuits face various threats like reverse engineering, theft of intellectual property IP, side-channel attacks, etc. Here, we present a novel approach for IP protection based on logic encryption LE. Unlike established schemes for logic locking, our work obfuscates the circuit's structure...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2025/11/27 12:0 a.m.214 views

📄 Microsoft Windows 10 21H2 / 22H2 Kernel Race Condition / Privilege Escalation

Proof of concept exploit for a kernel race condition in Microsoft Windows 10 versions 21H2 and 22H2. Combined with a double-free memory corrupt issue, it allows for privilege escalation...

7CVSS5.6AI score0.06073EPSS
Exploits6
Malwarebytes
Malwarebytes
added 2025/11/24 3:43 p.m.9 views

Matrix Push C2 abuses browser notifications to deliver phishing and malware

Cybercriminals are using browser push notifications to deliver malware and phishing attacks. Researchers at BlackFog described how a new command-and-control platform, called Matrix Push C2, uses browser push notifications to reach potential victims. When we warned back in 2019 that browser push...

6.4AI score
Exploits0
OSV
OSV
added 2025/11/06 11:15 p.m.4 views

CVE-2025-62630

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions...

9.8CVSS6AI score0.00661EPSS
Exploits0References3
NVD
NVD
added 2025/11/06 11:15 p.m.7 views

CVE-2025-62630

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions...

9.8CVSS0.00661EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/06 10:27 p.m.11 views

CVE-2025-62630 Advantech DeviceOn/iEdge Path Traversal

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions...

8.8CVSS0.00661EPSS
Exploits0References3
CVE
CVE
added 2025/11/06 10:27 p.m.20 views

CVE-2025-62630

Summary (CVE-2025-62630 – Advantech DeviceOn/iEdge) : A path traversal vulnerability exists due to insufficient sanitization in the DeviceOn/iEdge dashboard label/path, enabling an unauthenticated attacker to upload a crafted configuration file, traverse directories, and trigger remote code execu...

9.8CVSS6.8AI score0.00661EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/06 5:1 p.m.10 views

CVE-2025-10885 Privilege Escalation Vulnerability

A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM...

7.8CVSS6.9AI score0.0015EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.5 views

PT-2025-45390

Name of the Vulnerable Software and Affected Versions affected versions not specified Description Insufficient sanitization allows an attacker to upload a specially crafted configuration file, leading to directory traversal and remote code execution with system-level permissions. Recommendations ...

8.7CVSS7.8AI score0.00695EPSS
Exploits0References6
CVE
CVE
added 2025/11/05 6:19 a.m.28 views

CVE-2025-62225

The vulnerability CVE-2025-62225 affects Sony Optical Disc Archive Software (Windows). The root cause is an unquoted Windows service path, which allows a user with write access to the system drive root to execute arbitrary code with SYSTEM privileges. Affected component is the Windows service reg...

8.4CVSS7.1AI score0.00151EPSS
Exploits0References2
OSV
OSV
added 2025/11/04 7:15 a.m.7 views

CVE-2025-20749

In charger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915493; Issue ID: MSV-3800...

6.7CVSS5.8AI score0.0008EPSS
Exploits0References1
NVD
NVD
added 2025/11/04 7:15 a.m.8 views

CVE-2025-20736

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00435347; Issue ID: MSV-404...

6.7CVSS0.00133EPSS
Exploits0References1
OSV
OSV
added 2025/11/04 7:15 a.m.5 views

CVE-2025-20730

In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10068463; Issue ID: MSV-4141...

6.7CVSS5.8AI score0.00073EPSS
Exploits0References1
Metasploit
Metasploit
added 2025/10/30 6:54 p.m.493 views

NCR Command Center Agent Remote Code Execution

CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. The...

10CVSS8.1AI score0.87383EPSS
Exploits3
Rows per page
Query Builder