258 matches found
CVE-2020-12431
A Windows privilege change issue was discovered in Splashtop Software Updater before 1.5.6.16. Insecure permissions on the configuration file and named pipe allow for local privilege escalation to NT AUTHORITY/SYSTEM, by forcing a permission change to any Splashtop files and directories, with...
CVE-2020-12324
Protection mechanism failure in some IntelR ThunderboltTM DCH drivers for Windows before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access...
The vulnerability of the Windows Common Log File System Driver in the Windows operating system allows a hacker to gain increased privileges.
The vulnerability of the Windows Common Log File System Driver in the operating system is related to the possibility of using memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...
Docker Desktop < 4.41.0 Privilege Escalation
The version of Docker Desktop for Windows is prior to 4.41.0. It is therefore affected by a privilege escalation vulnerability. A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTE...
CVE-2025-26692
Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory 'Path Traversal'. If exploited, arbitrary code may be executed by a remote unauthenticated attacker with the Windows system privilege where the product is running...
CVE-2024-4877
OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges...
CVE-2024-4877
OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges...
CVE-2025-0117 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. GlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and...
CVE-2025-24994 Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability
...
CVE-2025-0889
Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process...
Exploit for Execution with Unnecessary Privileges in Microsoft
CVE-2024-43583 - Windows Privilege Escalation Exploit Author...
CVE-2024-32938
Uncontrolled search path for some IntelR MPI Library for Windows software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2025-23236
Buffer overflow vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained...
CVE-2025-22890
Defense Platform Home Edition (Humming Heads)
CVE-2025-24789 Snowflake JDBC allows an untrusted search path on Windows
Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an attacker with write...
CVE-2025-21281
CVE-2025-21281 is a Microsoft Windows COM elevation-of-privilege vulnerability. The CVE entry maps to Windows COM with a high CVSS v3.1 score (7.8, LOW_PRIVILEGES, LOCAL vector; no user interaction; confidentiality/integrity/availability impact: HIGH). The connected documents identify the affecte...
CVE-2024-55540
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 Windows before build 39169...
Metasploit Weekly Wrap-Up 12/06/2024
Post-Thanksgiving Big Release This week's release is an impressive one. It adds 9 new modules, which will get you remote code execution on products such as Ivanti Connect Secure, VMware vCenter Server, Asterisk, Fortinet FortiManager and Acronis Cyber Protect. It also includes an account takeover...
The vulnerability of the Win32k.sys component in Windows operating systems, which allows a hacker to increase their privileges
The vulnerability of the Win32k.sys component in Windows operating systems is related to the use of an untrustworthy pointer. Exploiting this vulnerability can allow an attacker to increase their privileges...
CVE-2024-7481
Improper verification of cryptographic signature during installation of a Printer driver via the TeamViewerservice.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and...