30665 matches found
EUVD-2026-45363
VMware Avi Load Balancer contains a local privilege escalation vulnerability. A malicious user with local access may be able to escalate their privileges to run code as root. Affected versions: 32.1.1 fixed in 32.1.2 31.1.1 through 31.2.2 fixed in 31.2.2-2p3 30.1.1 through 30.2.6 fixed in 30.2.7...
CVE-2026-47868
CVE-2026-47868 concerns VMware Avi Load Balancer. A local privilege escalation allows a user with local access to run code as root. Affected versions are: 32.1.1 (fixed in 32.1.2); 31.1.1–31.2.2 (fixed in 31.2.2-2p3); 30.1.1–30.2.6 (fixed in 30.2.7); 22.1.1–22.1.7 (fixed in 30.2.7). CVSSv3.1 base...
CVE-2026-50650
A flaw was found in .NET Framework. This vulnerability, caused by improper control of code generation, allows an unauthorized attacker to inject malicious code. Successful exploitation can lead to local privilege escalation, enabling the attacker to gain higher access rights on the affected syste...
CVE-2026-15380 Local privilege escalation in Symantec ITMS
A non-administrator interactive user can obtain full SYSTEM code execution through a DCOM/task scheduler logic chain — no network access, no memory corruption required ITMS 8.7.3...
CVE-2019-25764
CVE-2019-25764 concerns the ASUS AURA SYNC driver, where an exposed IOCTL with insufficient access control enables a local user to bypass verification and invoke arbitrary IOCTLs, leading to privilege escalation. The available connected documents confirm the affected component as the ASUS AURA SY...
CVE-2019-25764
UNSUPPORTED WHEN ASSIGNED Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ...
CVE-2026-40106 Wazuh: Heap-based Buffer Overflow in syscheck Registry Wildcard Expansion (LPE / DoS)
Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.6.0 and above prior to 4.14.5 contain a heap-based buffer overflow vulnerability in the syscheck component of the Wazuh agent for Windows. When expanding registry paths containing wildcards or...
CVE-2026-40106
Summary: CVE-2026-40106 affects the Windows agent of Wazuh (versions 4.6.0–pre-4.14.5). A heap-based buffer overflow occurs in the syscheck component during registry wildcard expansion. The code allocates a fixed 256-byte heap buffer (OS_SIZE_256); creating a registry subkey of maximum length (25...
CVE-2026-58598
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Backup Engine allows an authorized attacker to elevate privileges locally...
CVE-2026-53411 Zoom Workplace VDI Plugin for Windows - Improper Input Validation
A time-of-check to time-of-use TOCTOU race condition in the installation and uninstallation process of certain Zoom Clients for Windows could allow an authenticated local user to escalate privileges...
CVE-2026-6423
A local privilege escalation vulnerability in ESET Inspect Connector. The vulnerability was caused by improper authentication in an IPC channel...
CVE-2026-6423 Local privilege escalation via unauthenticated ALPC in ESET Inspect Connector
A local privilege escalation vulnerability in ESET Inspect Connector. The vulnerability was caused by improper authentication in an IPC channel...
EUVD-2026-44895
A local privilege escalation vulnerability in ESET Inspect Connector. The vulnerability was caused by improper authentication in an IPC channel...
CVE-2026-6423
CVE-2026-6423 concerns a local privilege escalation in the ESET Inspect Connector caused by improper authentication on an ALPC IPC channel. The CVSS 4.0 vector (AV:L/AC:L/PR:L/UI:N/ATT:N/VC:H/VI:H/SA:N/SI:N/VA:H) yields a base score of 8.5 (HIGH). Reported impact indicates elevated confidentialit...
Amazon Linux 2023 : cifs-utils, cifs-utils-devel, cifs-utils-info (ALAS2023-2026-1927)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1927 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks...
CVE-2026-36425
The CVE-2026-36425 issue affects OPSWAT AppRemover Driver (ardrv.sys, v2017.10.02.1551 and earlier). The IOCTL handler 0x2420031 can be invoked by a local, non-privileged user to terminate arbitrary processes without validating caller privileges, process protections, or critical-system status. Do...
CVE-2026-14961 CVE-2026-14961
Pegatron Tdelo64.sys exposes a privileged device interface, \.\TdeIo, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By...
libinput security update
An update is available for libinput. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libinput is a library that handles input devices for display servers and...
CVE-2026-50130 Pi-hole: Local privilege escalation from `pihole` user to root via `/etc/pihole/logrotate`
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to 6.4.2, a user with code execution as the unprivileged pihole user can escalate to root by replacing /etc/pihole/logrotate. The replacement is laundered to root:root...
Moderate: Red Hat Security Advisory: libinput security update
An update for libinput is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...