CVE-2026-32680

The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a...

CVE-2025-64994

A privilege escalation vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate...

CVE-2025-59373

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more...

CVE-2025-59373

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more...

PT-2025-47980

ASUS System Control Interface and Affected Versions ASUS System Control Interface affected versions not specified Description A local privilege escalation issue exists in the restore mechanism of the ASUS System Control Interface. An unprivileged actor can copy files without proper validation int...

EUVD-2025-36709

Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target...

CVE-2025-10541

CVE-2025-10541 affects iMonitor EAM 9.6394, where the installed system service eamusbsrv64.exe runs with NT AUTHORITY\SYSTEM privileges. The service uses an insecure update mechanism that loads files placed in the C:\sysupdate\ directory during startup. Any local user can create/write to this dir...

MAL-2025-41501 Malicious code in @twork-data-services/procedure-v2-execute-as-method-request (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2025-8612

AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. An attacker must first obtain the ability to execute low-privileged code on the target...

CVE-2025-20282

A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due a lack of file validation checks tha...

CVE-2025-20282

A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due a lack of file validation checks tha...

Microsoft SQL Server SQL Injection Escalate Execute AS

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SQLi Escalate Execute AS', 'Description' = %q This module can be used escalate privileges if the IMPERSONATION privilege has...

PT-2024-38192 · Avast · Avast Free Antivirus

Name of the Vulnerable Software and Affected Versions: Avast Free Antivirus affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged...

CVE-2023-49257

An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges...

PT-2023-23645 · Wacom · Wacom Drivers For Windows

Name of the Vulnerable Software and Affected Versions: Wacom Drivers for Windows affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute...

Cisco DNA Center 输入验证错误漏洞

Cisco DNA Center is a network management and command center service from Cisco USA. A command execution vulnerability exists in Cisco DNA Center Software. The vulnerability stems from the application's inadequate validation of user-supplied input in API request parameters and can be exploited by ...

CVE-2023-20184

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these...

Exploit for CVE-2022-42457

CVE-2022-42457 Generex-CS141-Authenticated-Remote-Command-Exec...

PT-2022-25671 · Openssl +1 · Openssl +1

Name of the Vulnerable Software and Affected Versions: Windscribe affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order...

CVE-2022-37393

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root...