Lucene search
K

4528 matches found

EUVD
EUVD
added 2025/12/24 12:30 a.m.31 views

EUVD-2025-205016

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...

7.8CVSS7AI score0.00172EPSS
Exploits0References2
NVD
NVD
added 2025/12/23 10:15 p.m.11 views

CVE-2025-14494

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...

7.8CVSS0.00171EPSS
Exploits0References1
NVD
NVD
added 2025/12/23 10:15 p.m.7 views

CVE-2025-14493

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...

7.8CVSS0.00172EPSS
Exploits0References1
NVD
NVD
added 2025/12/23 10:15 p.m.6 views

CVE-2025-14491

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...

7.8CVSS0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/23 9:41 p.m.3 views

CVE-2025-12838 MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability

MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.3CVSS7.2AI score0.00147EPSS
Exploits0References1
CVE
CVE
added 2025/12/23 9:17 p.m.12 views

CVE-2025-14489

RealDefense SUPERAntiSpyware is affected by a Local Privilege Escalation vulnerability in the SAS Core Service caused by an exposed dangerous function. An attacker who can run low-privileged code can exploit this to gain SYSTEM privileges and execute arbitrary code. The advisory trail (ZDI-25-116...

7.8CVSS7.8AI score0.00171EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/12/23 9:16 p.m.11 views

CVE-2025-14495

RealDefense SUPERAntiSpyware is affected by CVE-2025-14495 due to an exposed dangerous function in the SAS Core Service that allows a local attacker who can run low-privileged code to escalate privileges and execute arbitrary code in the context of SYSTEM. Affected product: RealDefense SUPERAntiS...

7.8CVSS7.8AI score0.00172EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/11 11:29 a.m.2 views

CVE-2025-64994 Privilege Escalation via Uncontrolled Search Path in 1E-Nomad-SetWorkRate instruction

A privilege escalation vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate...

6.5CVSS7.6AI score0.00157EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/12/11 12:0 a.m.5 views

(0Day) PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows phyiscally-present attackers to escalate privileges on affected installations of PDFsam Enhanced. An attacker must first obtain the ability to mount a malicious drive onto the target system in order to exploit this vulnerability. The specific flaw exists within the...

6.6CVSS7.6AI score0.00278EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2025/12/09 12:0 a.m.10 views

Microsoft Azure Virtual Desktop Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Azure Virtual Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS7.4AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/05 3:27 p.m.6 views

CVE-2025-55076

A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system, which may allow a local user to execute arbitrary commands wi...

6.2CVSS7.7AI score0.00183EPSS
Exploits1References1
NVD
NVD
added 2025/12/03 5:15 p.m.9 views

CVE-2025-55076

A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system, which may allow a local user to execute arbitrary commands wi...

6.2CVSS0.00183EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.6 views

PT-2025-48676

Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists in the SetUserPassword function. The newPassword parameter is incorporated into a shell command string using sprintf without proper sanitisation or...

9.8CVSS7.8AI score0.00344EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/27 3:3 p.m.5 views

CVE-2025-59373

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more...

8.5CVSS7AI score0.00116EPSS
Exploits0References1
NVD
NVD
added 2025/11/26 2:15 a.m.7 views

CVE-2025-66266

The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; startin...

9.3CVSS0.0012EPSS
Exploits0References1
CVE
CVE
added 2025/11/25 2:3 a.m.17 views

CVE-2025-59373

CVE-2025-59373 concerns a local privilege escalation in the ASUS System Control Interface (ASCI) restore mechanism, enabling an unprivileged user to copy files into protected system paths and cause arbitrary code to run as SYSTEM. Several sources (NVD/NIST, Red Hat, CIRCL enrichment, ZDI) identif...

8.5CVSS6AI score0.00116EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/20 9:36 p.m.13 views

CVE-2025-34333

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 configure the web document root at C:\\F2MAdmin\\F2E with overly permissive file system permissions. Authenticated local users have modify rights on this directory, while the associated web server process...

8.5CVSS7.3AI score0.00182EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/11/20 4:39 p.m.8 views

CVE-2025-12121 CVE-2025-12121

Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function was used in project directory launching core.lua, drag-and-drop file handling rootview.lua, and the “open i...

0.00341EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/19 4:23 p.m.3 views

CVE-2025-34334 AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via TestFax.php & LPE

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodesfiles/TestFax.php. When a fax "send" test is requested, the application builds a faxsender comman...

8.7CVSS7AI score0.03188EPSS
Exploits2References4
CVE
CVE
added 2025/11/19 4:23 p.m.12 views

CVE-2025-34332

CVE-2025-34332 affects AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. A web administration component runs Windows service actions via helper batch scripts in C:\F2MAdmin\F2E\AudioCodes_files\utils\Services. When service actions are requested through ajaxPost.php, PH...

8.5CVSS6.2AI score0.00182EPSS
Exploits2References4Affected Software2
Rows per page
Query Builder