26 matches found
CVE-2026-7373 Metasploit Pro on Windows: Local Privilege Escalation via OpenSSL Configuration File Loading
Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup of the metasploitPostgreSQL service, the subsequent postgres.exe service attempts to load an OpenSSL configuration file from a non-existent directo...
CVE-2026-7373
Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started, the metasploitPostgreSQL service would start the postgres.exe child process, which would in turn load an OpenSSL configuration file from a stat...
Rapid7 Metasploit Pro Access Control Error Vulnerability
Rapid7 Metasploit Pro is a penetration testing software developed by Rapid7, Inc. Rapid7 Metasploit Pro has an access control vulnerability. This vulnerability arises from the Metasploit PostgreSQL service attempting to load OpenSSL configuration files from a non-existent directory that is writabl...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: openssl: openssl-3.5.6-0.3.hum1 aarch64, x86_64 openssl-config-fips-3.5.6-0.3.hum1 aarch64, x86_64 openssl-devel-3.5.6-0.3.hum1 aarch64, x86_64 openssl-devel-engine-3.5.6-0.3.hum1 aarch64, x86_64...
KeePassXC < 2.7.12 Local Privilege Escalation
The version of KeePassXC installed on the remote Windows host is prior to 2.7.12. It is, therefore, affected by a local privilege escalation vulnerability due to loading OpenSSL configuration from an unsecured location. A local attacker with low-privileged access could leverage this vulnerability...
CVE-2022-0517
Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN 2.7.1...
CVE-2025-14405
PDFsam Enhanced Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows physically-present attackers to escalate privileges on affected installations of PDFsam Enhanced. An attacker must first obtain the ability to mount a malicious drive onto the targ...
CVE-2025-14406
CVE-2025-14406 affects Soda PDF Desktop via an Uncontrolled Search Path Element Local Privilege Escalation. The root cause is the OpenSSL configuration being loaded from an unsecured location, enabling a local attacker who can run low-privileged code to escalate to SYSTEM and execute arbitrary co...
CVE-2025-14406 Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Soda PDF Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system...
EUVD-2020-29097
Malware in sbrugna...
CVE-2025-27237
In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL...
CVE-2025-8614
CVE-2025-8614 concerns NoMachine. The flaw is in OpenSSL configuration handling: the product loads an OpenSSL configuration file from an unsecured location, enabling local attackers who already have low-privilege code execution to escalate privileges and execute arbitrary code in the context of t...
Bdrive NetDrive Code Issue Vulnerability
Bdrive NetDrive is a network drive from Bdrive that connects to various cloud services or remote file storage. A code issue vulnerability exists in Bdrive NetDrive that stems from loading an OpenSSL configuration file from a non-secure location, which could result in local elevation of privilege...
Parallels Access Code Issue Vulnerability
Parallels Access is a parallel access application from Parallels USA, enabling the fastest, easiest, and most reliable remote access to your computer from anywhere. A security vulnerability exists in Parallels Access Agent version 6.5.3 39313 that stems from This vulnerability allows a local...
CVE-2021-3606
OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process openvpn.exe...
OpenVPN Connect Code Issue Vulnerability
OpenVPN Connect is a VPN (Virtual Private Network) client application from the American company OpenVPN. A security vulnerability exists in OpenVPN Connect 3.2.0 through 3.3.0 that allows a local user to load arbitrary dynamically loadable libraries if present via an OpenSSL...
Multiple Veritas Product Security Vulnerabilities
Veritas Infoscale and others are products of Veritas, Inc. Veritas Infoscale is a highly available virtualized storage software. Veritas Foundation For Windows is a backup, storage management software. Veritas Foundation HA For Windows is a backup, storage management...
CVE-2020-8224
A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory...