157 matches found
CVE-2026-7162
Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software...
CVE-2026-7162
Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software...
EUVD-2026-43268
Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software...
CVE-2026-7162
CVE-2026-7162 involves an integer overflow that could allow an attacker to achieve system-level access to the affected software. The linked sources indicate a local attack vector with high impact (confidentiality, integrity, and availability all rated high) and require no user interaction, with p...
PT-2026-57622
Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software...
Security Bulletin: Security vulnerability in IBM Storage Protect Client leads to unauthorized access to IBM Storage Protect Snapshot for Windows Standalone Configuration
Summary Security vulnerability in IBM Storage Protect Client leads to unauthorized access to IBM Storage Protect Snapshot for Windows Standalone Configuration. CVE-2026-12628 Vulnerability Details CVEID:CVE-2026-12628 DESCRIPTION: IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage...
TrendAI Vision One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th...
CVE-2026-7373
Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start the postgres.exe child process which would in turn load an OpenSSL configuration file from a stat...
CVE-2026-3006
CVE-2026-3006 is a race-condition vulnerability whose description states it can allow triggering a kernel heap overflow, potentially enabling local privilege escalation. A PT-Security advisory indicates WinFsp 2026 Beta1 includes an important fix for this vulnerability, recommending upgrading to ...
CVE-2026-41477 Deskflow: Local privilege escalation via unauthenticated IPC
Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary...
EUVD-2018-21789
ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...
CVE-2018-25272
ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...
EUVD-2026-23376
The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...
CVE-2026-6482
The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...
CVE-2026-6482
The CVE-2026-6482 entry describes a Local Privilege Escalation in Rapid7 Insight Agent (Windows) versions > 4.1.0.2. At startup, the high-privilege agent service loads an OpenSSL configuration file from a directory writable by standard users; a crafted openssl.cnf can cause the service to exec...
CVE-2026-6482 Local Privilege Escalation via OpenSSL configuration file in Insight Agent
The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...
Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Samsung MagicINFO 9 Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the produ...
CVE-2026-5055
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the NoMachine Device Serve...
CVE-2019-25568 Memu Play 6.0.7 Privilege Escalation via Insecure File Permissions
Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by replacing the MemuService.exe executable. Attackers can rename and overwrite MemuService.exe in the installation directory with a malicious executable, which executes with...