EUVD-2026-33669

Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit...

CVE-2026-31847

Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can...

EUVD-2026-8634

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block...

udisks 安全漏洞

udisks is a daemon developed by stored-project, open-source software used for querying and managing storage devices. udisks has a security vulnerability that stems from the lack of authorization checks in the privileged D-Bus API. This vulnerability could allow non-privileged local users to...

EUVD-2026-3111

Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard non‑administrator local user can invoke the IElevatorEdge interface method LaunchUpdateCmdElevatedAndWait, causing the service to execute privileged...

Microsoft Edge security vulnerabilities

Microsoft Edge is a web browser included with Windows 10 and later versions from Microsoft. There is a security vulnerability in Microsoft Edge, which stems from improper validation of privileged COM interfaces. This vulnerability could allow non-administrator users to execute privileged update...

PT-2026-3326

Name of the Vulnerable Software and Affected Versions Microsoft Edge affected versions not specified Description The Microsoft Edge Elevation Service has a design flaw where a privileged COM interface does not properly check the permissions of the process making the request. A standard local user...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Jan-2026 Release 1, which stems from improper access control and could...

CVE-2025-55948

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control RBAC through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests...

Linux Distros Unpatched Vulnerability : CVE-2019-12474

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cache...

CVE-2024-34655

Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile devices SMR Sep-2024 Release 1 version and earlier versions, which stems from the DualDarManagerProxy component containing...

PT-2024-26075 · Unknown · Universalcredentialmanager

Name of the Vulnerable Software and Affected Versions: UniversalCredentialManager versions prior to SMR Sep-2024 Release 1 Description: The issue is related to the incorrect use of privileged API in UniversalCredentialManager, allowing local attackers to access privileged API related to...

CVE-2024-20884

Incorrect use of privileged API vulnerability in getSemBatteryUsageStats in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API...

CVE-2023-6150

Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105...

SGUDA U-Lock 安全漏洞

SGUDA U-Lock is a smart electronic lock from SGUDA. A security vulnerability exists in SGUDA U-Lock, which stems from an authorization error in the user management function of the central locking service. The vulnerability can be exploited by a remote attacker to invoke a privileged API to access...

CVE-2019-8987

The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to...