Microsoft Windows win32kfull Out-Of-Bounds Write Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull...

CVE-2025-66461

FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM privilege if he/she has the write permission on the path to the directory where the affected product is installed...

EUVD-2025-201699

FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM privilege if he/she has the write permission on the path to the directory where the affected product is installed...

CVE-2025-66461

Summary: The CVE-2025-66461 vulnerability affects GS Yuasa’s FULLBACK Manager Pro. The issue is unquoted file paths for two Windows services, enabling local user with write access to the installation directory to execute arbitrary code with SYSTEM privileges. Affected product (from sources): FULL...

GS Yuasa FULLBACK Manager Pro registers Windows services with unquoted file paths

Overview FULLBACK Manager Pro provided by GS Yuasa International Ltd. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-66461 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

PT-2025-49543

FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM privilege if he/she has the write permission on the path to the directory where the affected product is installed...

VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security for PC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVE-2025-59485

Incorrect default permissions issue exists in Security Point Windows of MaLion prior to Ver.5.3.4. If this vulnerability is exploited, an arbitrary file could be placed in the specific folder by a user who can log in to the system where the product's Windows client is installed. If the file is a...

Wibu-Systems WibuKey Runtime Untrusted Pointer Dereference Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Wibu-Systems WibuKey Runtime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

Parallels Toolbox CleanDrive Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Toolbox. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. Additional user interaction is required in th...

MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator ...

CVE-2025-62225

Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2025-64151

Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2025-64151

CVE-2025-64151 affects multiple Roboticsware products (Roboticsware PTE. LTD.) where Windows services are registered with unquoted file paths. This leads to a local privilege escalation: a user with write access to the system drive root can trigger arbitrary code execution with SYSTEM privileges....

CVE-2025-64151

Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

PT-2025-45084

Name of the Vulnerable Software and Affected Versions Sony Optical Disc Archive Software affected versions not specified Description The Optical Disc Archive Software from Sony Corporation registers a Windows service with an unquoted file path. A user possessing write permissions to the system...

CVE-2025-9870

Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target...

CVE-2025-9870

Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target...

CVE-2025-9871

Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in...

CVE-2025-9869

Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in ord...