AMD EPYC™ and AMD EPYC™ Embedded Series Processor Vulnerabilities – May 2026

CVE Details Refer to Glossary for explanation of terms CVE ID| CVE Description| CVSS Vector ---|---|--- CVE-2025-61972| Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network SMN access, potentially resulting in...

CVE-2026-22615

Due to improper input validation in one of the Eaton Intelligent Power Protector IPP XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version...

Linux Distros Unpatched Vulnerability : CVE-2025-29934

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data...

About Elevation of Privilege – Windows Agere Modem Driver (CVE-2025-24990) vulnerability

About Elevation of Privilege - Windows Agere Modem Driver CVE-2025-24990 vulnerability. The vulnerability is from Microsoft's October Patch Tuesday. Agere Modem Driver ltmdm64.sys is a software component that allows a computer to communicate with an Agere or LSI modem for dial‑up or fax...

Quadient DS-700 iQ 竞争条件问题漏洞

The Quadient DS-700 iQ is an automated envelope sealer device from Quadient, France. A Competitive Condition Issue vulnerability exists in the Quadient DS-700 iQ version 2025-09-30 and earlier, which originates from a competitive condition that exists when clicking the Question Mark button, the...

CVE-2025-26398

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle MITM attack against users. This vulnerability requires additional software not installed by default, local access to the server and...

CVE-2025-26398 SolarWinds Database Performance Analyzer Hard-coded Cryptographic Key Vulnerability

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle MITM attack against users. This vulnerability requires additional software not installed by default, local access to the server and...

VMware Tools 11.x / 12.x < 12.5.3 / 13.x < 13.0.1.0 vSockets Information Disclosure (VMSA-2025-0013)

The version of VMware Tools installed on the remote Windows host is 11.x, 12.x prior to 12.5.3, or 13.x prior to 13.0.1.0. It is, therefore, affected by an information disclosure vulnerbility: - VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability du...

CVE-2025-4661

A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory potentially leading to the disclosure of sensitive information. Note: Admin level privilege is required on the switch in order to exploit...

CVE-2025-4661

A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory potentially leading to the disclosure of sensitive information. Note: Admin level privilege is required on the switch in order to exploit...

CVE-2025-4661 Path transversal vulnerability potentially leading to sensitive information disclosure

A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory potentially leading to the disclosure of sensitive information. Note: Admin level privilege is required on the switch in order to exploit...

PT-2025-26201

Name of the Vulnerable Software and Affected Versions Brocade Fabric OS versions 9.1.0 through 9.2.2 Description A path traversal issue could allow a local admin user to gain access to files outside the intended directory, potentially leading to the disclosure of sensitive information. Admin leve...

CVE-2024-13843

Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data...

CVE-2024-13842

A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data...

CVE-2024-53919

An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution as root...

CVE-2024-38646

An incorrect permission assignment for critical resource vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow local authenticated attackers who have gained administrator access to read or modify the resource. We have already fixed the vulnerabilit...

PT-2024-22653 · Dell · Dell Client Bios

Name of the Vulnerable Software and Affected Versions: Dell Client BIOS affected versions not specified Description: The issue is related to an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to...

CVE-2022-0486

Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is...

CVE-2022-0997

Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a...

ADReaper - A Fast Enumeration Tool For Windows Active Directory Pentesting Written In Go

ADReaper is a tool written in Golang which enumerate a Active Directory environment with LDAP queries within few seconds. Installation You can download precompiled executable binaries for Windows/Linux from latest releases Install from source To build from source, clone the repo and build it with...