CVE-2025-59307

RAID Manager provided by Century Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2025-59307

RAID Manager provided by Century Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

SourceCodester Online Polling System Code SQL注入漏洞

SourceCodester Online Polling System Code is a SourceCodester open source online polling system. A SQL injection vulnerability exists in SourceCodester Online Polling System Code version 1.0, which stems from improper handling of parameters in the /manage-profile.php file, which can lead to SQL...

CVE-2025-58400

RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2025-58400

RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2025-58400

CVE-2025-58400 affects RATOC RAID Monitoring Manager for Windows by RATOC Systems, Inc. The root cause is an unquoted Windows service path, enabling a user with write access to the system drive root directory to run arbitrary code with SYSTEM privileges. Affected products include RATOC RAID Monit...

CVE-2025-8302

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute...

CVE-2025-8300

Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute...

PT-2025-35609

Name of the Vulnerable Software and Affected Versions: Realtek RTL8811AU drivers affected versions not specified Description: The Realtek RTL8811AU driver contains a heap-based buffer overflow in the N6CSet DOT11 CIPHER DEFAULT KEY function. This flaw occurs due to insufficient validation of...

CVE-2025-57846

CVE-2025-57846 affects Digital Arts i-フィルター products. Root cause: incorrect default permissions (CWE-276) leading to potential arbitrary code execution. Impact: local authenticated attacker can replace a service executable on the host with SYSTEM privileges. Affected products/versions include: i-...

CVE-2025-57699

The vulnerability CVE-2025-57699 affects Western Digital Kitfox for Windows. The issue is an unquoted file path in a Windows service, enabling a user with write access to the system drive root to execute arbitrary code with SYSTEM privileges. Root cause: unquoted service path. Affected products/v...

JVN#75211379: Western Digital Kitfox registers a Windows service with an unquoted file path

Western Digital Kitfox for Windows provided by Western Digital Corporation contains the following vulnerability. Unquoted search path or element CWE-428 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.7...

CVE-2025-8612 AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability

AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. An attacker must first obtain the ability to execute low-privileged code on the target...

(Pwn2Own) Microsoft Windows 11 vhdmp Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Virtual Hard...

(Pwn2Own) Microsoft Windows win32kbase Type Confusion Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kbase...

(Pwn2Own) Microsoft Windows Exposed Dangerous Function Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

PT-2025-30142 · Unknown · Church Donation System

Name of the Vulnerable Software and Affected Versions: Church Donation System version 1.0 Description: A critical vulnerability exists in Church Donation System 1.0. The vulnerability affects unknown code within the /members/offering.php file. Manipulation of the trcode argument results in a SQL...

CVE-2024-25315

Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2...

CVE-2023-32232

An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.836. During client installation and repair, a PrinterLogic binary is called by the installer to configure the device. This window is not hidden, and is running with elevated privileges. A standard user can break out o...

CVE-2022-48217

The tfremappernode component 1.1.1 for Robot Operating System ROS allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled oldtftopicname and/or newtftopicname...