A Deep Dive into the GetProcessHandleFromHwnd API
Posted by James Forshaw. In my previous blog post I mentioned the GetProcessHandleFromHwnd API. This was an API I didn’t know existed until I found a publicly disclosed UAC bypass using the Quick Assist UI Access application. This API looked interesting so I thought I should take a closer look. I...
CVE-2025-6759: Citrix Virtual Apps and Desktops - Local Privilege Escalation (FIXED)
Overview: During a Virtual Desktop Infrastructure (VDI) breakout assessment, Rapid7 identified a Local Privilege Escalation (LPE) vulnerability affecting Citrix Virtual Apps and Desktops. This issue was assigned CVE-2025-6759 and has a CVSS score of 7.3 (High). Rapid7 observed a SYSTEM process handle wi...
PT-2025-28651 · Citrix · Citrix Virtual Apps/Desktops
Name of the Vulnerable Software and Affected Versions: Citrix Windows Virtual Delivery Agent versions prior to 2503; Citrix Windows Virtual Delivery Agent 2402 LTSR versions through CU2; Citrix Windows Virtual Delivery Agent 2203 LTSR version is not affected. Description: A local privilege escalatio...
PT-2024-30630 · Imagination Technologies · Powervr
Name of the Vulnerable Software and Affected Versions: PowerVR (affected versions not specified). Description: The issue allows software installed and run as a non-privileged user to conduct improper GPU system calls, potentially gaining access to the graphics buffers of a parent process. This is...
PPLBlade - Protected Process Dumper Tool
Protected Process Dumper Tool that supports obfuscating memory dumps and transferring them to remote workstations without dropping them onto the disk. Key functionalities: 1. Bypassing PPL protection 2. Obfuscating memory dump files to evade Defender signature-based detection mechanisms 3. Uploading...
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation
Windows: LUAFV Delayed Virtualization Cross Process Handle Duplication EoP. Platform: Windows 10 1809 (not tested earlier). Class: Elevation of Privilege. Security Boundary (per Windows Security Service Criteria): User boundary. Summary: The LUAFV driver doesn’t take into account a virtualized handle bei...
CVE-2017-9769
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess, allowing a handle to be opened to an arbitrary process...
CVE-2017-9769
CVE-2017-9769 affects Razer Synapse, where a crafted IOCTL sent to the rzpnk.sys driver is forwarded to ZwOpenProcess, allowing opening a handle to an arbitrary process and enabling local privilege escalation. Public materials describe reading/writing memory and potential code execution via a hoo...
CVE-2017-9769
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess, allowing a handle to be opened to an arbitrary process. Recent assessments: zeroSteiner at November 21, 2019 11:14pm UTC reported: Analysis: The Razer rzpnk.sys driver...