Lucene search
K

157 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-7162

Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software...

7.8CVSS0.00103EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-7162

Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software...

7.8CVSS0.00103EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43268

Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software...

7.8CVSS6.1AI score0.00103EPSS
Exploits0References2
CVE
CVE
added 2 days ago24 views

CVE-2026-7162

CVE-2026-7162 involves an integer overflow that could allow an attacker to achieve system-level access to the affected software. The linked sources indicate a local attack vector with high impact (confidentiality, integrity, and availability all rated high) and require no user interaction, with p...

7.8CVSS6.1AI score0.00103EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-57622

Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software...

7.8CVSS6.1AI score0.00103EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago10 views

Security Bulletin: Security vulnerability in IBM Storage Protect Client leads to unauthorized access to IBM Storage Protect Snapshot for Windows Standalone Configuration

Summary Security vulnerability in IBM Storage Protect Client leads to unauthorized access to IBM Storage Protect Snapshot for Windows Standalone Configuration. CVE-2026-12628 Vulnerability Details CVEID:CVE-2026-12628 DESCRIPTION: IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage...

9.1CVSS6AI score0.00357EPSS
Exploits0Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2026/05/28 12:0 a.m.14 views

TrendAI Vision One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th...

7.8CVSS7AI score0.003EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 3:16 a.m.55 views

CVE-2026-7373

Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start the postgres.exe child process which would in turn load an OpenSSL configuration file from a stat...

9.3CVSS0.0017EPSS
Exploits0References1
CVE
CVE
added 2026/04/27 2:35 a.m.46 views

CVE-2026-3006

CVE-2026-3006 is a race-condition vulnerability whose description states it can allow triggering a kernel heap overflow, potentially enabling local privilege escalation. A PT-Security advisory indicates WinFsp 2026 Beta1 includes an important fix for this vulnerability, recommending upgrading to ...

7CVSS5.2AI score0.00102EPSS
Exploits0References5
OSV
OSV
added 2026/04/24 7:50 p.m.3 views

CVE-2026-41477 Deskflow: Local privilege escalation via unauthenticated IPC

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary...

7.8CVSS6.2AI score0.00218EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/22 6:31 p.m.4 views

EUVD-2018-21789

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...

9.8CVSS6.7AI score0.00422EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/22 2:57 p.m.5 views

CVE-2018-25272

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...

9.8CVSS6.7AI score0.00422EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/17 6:31 a.m.6 views

EUVD-2026-23376

The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...

9.3CVSS5.9AI score0.0018EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/17 5:19 a.m.5 views

CVE-2026-6482

The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...

9.3CVSS5.9AI score0.0018EPSS
Exploits0References2
CVE
CVE
added 2026/04/17 5:19 a.m.20 views

CVE-2026-6482

The CVE-2026-6482 entry describes a Local Privilege Escalation in Rapid7 Insight Agent (Windows) versions > 4.1.0.2. At startup, the high-privilege agent service loads an OpenSSL configuration file from a directory writable by standard users; a crafted openssl.cnf can cause the service to exec...

9.3CVSS5.9AI score0.0018EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/17 5:19 a.m.33 views

CVE-2026-6482 Local Privilege Escalation via OpenSSL configuration file in Insight Agent

The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...

9.3CVSS0.0018EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/04/15 12:0 a.m.12 views

Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Samsung MagicINFO 9 Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the produ...

7.8CVSS6.1AI score0.00177EPSS
Exploits0References1
NVD
NVD
added 2026/04/11 1:16 a.m.6 views

CVE-2026-5055

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.8CVSS0.00214EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/03/30 12:0 a.m.5 views

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the NoMachine Device Serve...

7.8CVSS6.2AI score0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/21 12:47 p.m.30 views

CVE-2019-25568 Memu Play 6.0.7 Privilege Escalation via Insecure File Permissions

Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by replacing the MemuService.exe executable. Attackers can rename and overwrite MemuService.exe in the installation directory with a malicious executable, which executes with...

9.8CVSS0.0032EPSS
Exploits1References4
Rows per page
Query Builder