259 matches found
EUVD-2023-34262
Malicious code in bioql PyPI...
EUVD-2025-27421
Malicious code in bioql PyPI...
KLA88208 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Windows Bluetooth Service can be exploited remotely to gain privileges. 2. An...
CVE-2025-3025 CCleaner Link Following Local Privilege Escalation Vulnerability
Elevation of Privileges in the cleaning feature of Gen Digital CCleaner version 6.33.11465 on Windows allows a local user to gain SYSTEM privileges via exploiting insecure file delete operations. Reported in CCleaner v. 6.33.11465. This issue affects CCleaner: before 6.36.11508...
windows-privesc-check
It is an offensive tool for Windows privilege escalation checking. The tool, windows-privesc-check, is a standalone executable that runs on Windows systems, attempting to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or access local apps. I...
CVE-2025-9043
The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. An attacker with write permissions to the root could place a malicious...
August โIn the Trend of VMโ (#18): vulnerabilities in Microsoft Windows and SharePoint
August "In the Trend of VM" 18: vulnerabilities in Microsoft Windows and SharePoint. A traditional monthly roundup - this time, it's extremely short. Post on Habr rus Digest on the PT website rus Only two trending vulnerabilities: Remote Code Execution - Microsoft SharePoint Server "ToolShell"...
The vulnerability of the Win32k.sys component in Windows operating systems, which allows a hacker to increase their privileges
The vulnerability of the Win32k.sys component in Windows operating systems is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to gain increased privileges...
CVE-2025-49797
Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If exploited, an arbitrary program may be executed with the administrative privilege. As for the details of affected product names, model numbers, and versions, refer to the information provided by the...
CVE-2025-36632
CVE-2025-36632 affects Tenable Agent on Windows prior to 10.8.5, where a non-administrative user can execute code with SYSTEM privileges. The vulnerability is documented across multiple sources (including Red Hat, NVD, CNVD) as a local privilege escalation in Tenable Agent; Tenable has released v...
CVE-2025-36633
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation...
CVE-2025-36631 Local Privilege Escalation
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege...
CVE-2025-48959
Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent Windows before build 40077...
CVE-2025-30167 Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared %PROGRAMDATA% directory is searched for configuration files SYSTEMCONFIGPATH and SYSTEMJUPYTERPATH, which may allow users to create configuration...
Improper file access permission settings in PC Time Tracer
Overview PC Time Tracer provided by Keiyo System Co., LTD contains a vulnerability listed below. Incorrect default permissions CWE-276 - CVE-2025-46355 Ruslan Sayfiev and Masahiro Kawada of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
CVE-2025-24917
In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, potentially leading to local privilege escalation...
CVE-2024-50592
An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. When using the repair function, the service queries the server for a lis...
CVE-2024-7980
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. Chromium security severity: Medium...
CVE-2023-31027
NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges...
CVE-2022-37326
Docker Desktop for Windows before 4.6.0 allows attackers to delete or create any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation...