CVE-2026-42171

NSIS Nullsoft Scriptable Install System 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges if they can cause myGetTempFileName to return 0, as shown in the references...

CVE-2026-41477

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary...

PT-2026-35076

Name of the Vulnerable Software and Affected Versions Deskflow versions prior to 1.20.0 Deskflow versions prior to 1.26.0.134 Description The Deskflow daemon runs with SYSTEM privileges and exposes an Inter-Process Communication IPC named pipe with the WorldAccessOption enabled. This configuratio...

CVE-2026-32680

The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a...

CVE-2026-20981

Improper input validation in FacAtFunction prior to SMR Feb-2026 Release 1 allows privileged physical attacker to execute arbitrary command with system privilege...

CVE-2025-59094

A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application d9sysdef.exe. Within this application it is possible to specify an arbitrary executable as well as the weekday and start time, when the specified executable should be run with SYSTEM...

CVE-2025-64994

A privilege escalation vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate...

CVE-2025-34352

JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is invoked by the JumpCloud Windows Agent as NT AUTHORITY\SYSTEM during agent uninstall or update operations. The Remote Assist uninstaller performs privileged create, write, execute, and delete actions on...

CVE-2025-59373

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more...

CVE-2025-59373

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more...

CVE-2025-59373

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more...

PT-2025-47980

ASUS System Control Interface and Affected Versions ASUS System Control Interface affected versions not specified Description A local privilege escalation issue exists in the restore mechanism of the ASUS System Control Interface. An unprivileged actor can copy files without proper validation int...

EUVD-2025-36709

Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target...

EUVD-2025-31107

Malicious code in bioql PyPI...

EUVD-2023-41868

Malicious code in bioql PyPI...

EUVD-2025-25691

Malicious code in bioql PyPI...

CVE-2025-10541

CVE-2025-10541 affects iMonitor EAM 9.6394, where the installed system service eamusbsrv64.exe runs with NT AUTHORITY\SYSTEM privileges. The service uses an insecure update mechanism that loads files placed in the C:\sysupdate\ directory during startup. Any local user can create/write to this dir...

CVE-2025-34193

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 include Windows client components PrinterInstallerClientInterface.exe, PrinterInstallerClient.exe, PrinterInstallerClientLauncher.exe that lack modern compile-time and...

CVE-2025-34194

Vasion Print (PrinterLogic) Virtual Appliance Host (pre-25.1.102) and Windows client deployments (pre-25.1.1413) are affected by an insecure temporary-file handling issue in the PrinterInstallerClient component. The software creates files as NT AUTHORITY\SYSTEM inside a user-controlled Temp path ...

Exploit for CVE-2015-2231

adups-get-super-serial CVE-2015-2231 Proof of Concept The POC I was using to demonstrate CVE-2015-2231 'Get Super Serial'. Was asked by a few people to post it so they could use similar things on other ADUPS firmware based devices which have this vulnerability. Cleaning up the laptop and posting...