CVE-2026-5055

NoMachine CVE-2026-5055 involves an Uncontrolled Search Path Element in the NoMachine Device Server. The flaw arises because the Device Server loads a library from an unsecured location, enabling a local attacker who already has low-privileged code execution to escalate to SYSTEM and potentially ...

CVE-2026-5055 NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVE-2025-7024

Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory. This issue affects...

CVE-2025-69784

A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into...

CVE-2026-33253

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2026-32680

The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a...

CVE-2026-33253

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2025-69784

CVE-2025-69784 describes a local, non-privileged attacker abusing a vulnerable IOCTL interface in the OpenEDR 2.5.1.0 kernel driver to alter the DLL injection path. By redirecting the path to a user-writable location, the attacker can cause OpenEDR to load an attacker-controlled DLL into high-pri...

CVE-2016-20026

ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP...

Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull...

CVE-2026-27749

Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\ProgramData using .NET BinaryFormatter without...

CVE-2026-26034

UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Incorrect Default Permissions CWE-276 vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL...

CVE-2026-26034

UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Incorrect Default Permissions CWE-276 vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL...

CVE-2026-26034

UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Incorrect Default Permissions CWE-276 vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL...

Multiple vulnerabilities in Dell UPS Multi-UPS Management Console (MUMC)

Overview UPS Multi-UPS Management Console MUMC provided by Dell Inc. contains multiple vulnerabilities listed below. Unquoted search path or element CWE-428 - CVE-2026-26033 Incorrect default permissions CWE-276 - CVE-2026-26034 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported these...

Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

Improper file access permission settings in the installers for multiple Soliton Systems products

Overview The installers for multiple products provided by Soliton Systems K.K. contain the following vulnerability. Incorrect default permissions CWE-276 - CVE-2026-27653 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

CVE-2026-2039

GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVE-2026-2039

CVE-2026-2039 concerns GFI Archiver’s MArc.Store.Remoting.exe (port 8018). The issue is a missing authorization before accessing functionality, enabling remote attackers to bypass authentication and potentially execute code in the context of SYSTEM. The vulnerability is documented across multiple...

CVE-2026-2039 GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability

GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...