Lucene search
K

832 matches found

CVE
CVE
added 2025/12/19 9:5 p.m.12 views

CVE-2023-53946

Affected software: Arcsoft PhotoStudio 6.0.0.172. Vulnerability: unquoted service path in the ArcSoft Exchange Service that can be exploited by local attackers to escalate privileges by placing a malicious executable in the unquoted path, triggering code execution with system-level permissions. I...

8.5CVSS7.4AI score0.00135EPSS
Exploits0References3
Zero Day Initiative
Zero Day Initiative
added 2025/12/09 12:0 a.m.5 views

Microsoft Windows win32kbase Out-Of-Bounds Access Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kbase...

8.8CVSS7.3AI score0.00663EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/02 2:34 a.m.9 views

CVE-2025-20774

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4796...

0.00074EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/11/30 12:0 a.m.4 views

Logic Encryption: This Time for Real

Modern circuits face various threats like reverse engineering, theft of intellectual property IP, side-channel attacks, etc. Here, we present a novel approach for IP protection based on logic encryption LE. Unlike established schemes for logic locking, our work obfuscates the circuit's structure...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2025/11/27 12:0 a.m.210 views

📄 Microsoft Windows 10 21H2 / 22H2 Kernel Race Condition / Privilege Escalation

Proof of concept exploit for a kernel race condition in Microsoft Windows 10 versions 21H2 and 22H2. Combined with a double-free memory corrupt issue, it allows for privilege escalation...

7CVSS5.6AI score0.061EPSS
Exploits6
Malwarebytes
Malwarebytes
added 2025/11/24 3:43 p.m.8 views

Matrix Push C2 abuses browser notifications to deliver phishing and malware

Cybercriminals are using browser push notifications to deliver malware and phishing attacks. Researchers at BlackFog described how a new command-and-control platform, called Matrix Push C2, uses browser push notifications to reach potential victims. When we warned back in 2019 that browser push...

6.4AI score
Exploits0
OSV
OSV
added 2025/11/06 11:15 p.m.4 views

CVE-2025-62630

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions...

9.8CVSS6AI score0.00661EPSS
Exploits0References3
NVD
NVD
added 2025/11/06 11:15 p.m.7 views

CVE-2025-62630

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions...

9.8CVSS0.00661EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/06 10:27 p.m.9 views

CVE-2025-62630 Advantech DeviceOn/iEdge Path Traversal

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions...

8.8CVSS0.00661EPSS
Exploits0References3
CVE
CVE
added 2025/11/06 10:27 p.m.20 views

CVE-2025-62630

Summary (CVE-2025-62630 – Advantech DeviceOn/iEdge) : A path traversal vulnerability exists due to insufficient sanitization in the DeviceOn/iEdge dashboard label/path, enabling an unauthenticated attacker to upload a crafted configuration file, traverse directories, and trigger remote code execu...

9.8CVSS6.8AI score0.00661EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/06 5:1 p.m.9 views

CVE-2025-10885 Privilege Escalation Vulnerability

A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM...

7.8CVSS6.9AI score0.0015EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.5 views

PT-2025-45390

Name of the Vulnerable Software and Affected Versions affected versions not specified Description Insufficient sanitization allows an attacker to upload a specially crafted configuration file, leading to directory traversal and remote code execution with system-level permissions. Recommendations ...

8.7CVSS7.8AI score0.00695EPSS
Exploits0References6
CVE
CVE
added 2025/11/05 6:19 a.m.27 views

CVE-2025-62225

The vulnerability CVE-2025-62225 affects Sony Optical Disc Archive Software (Windows). The root cause is an unquoted Windows service path, which allows a user with write access to the system drive root to execute arbitrary code with SYSTEM privileges. Affected component is the Windows service reg...

8.4CVSS7.1AI score0.00151EPSS
Exploits0References2
OSV
OSV
added 2025/11/04 7:15 a.m.7 views

CVE-2025-20749

In charger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915493; Issue ID: MSV-3800...

6.7CVSS5.8AI score0.0008EPSS
Exploits0References1
NVD
NVD
added 2025/11/04 7:15 a.m.7 views

CVE-2025-20736

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00435347; Issue ID: MSV-404...

6.7CVSS0.00133EPSS
Exploits0References1
OSV
OSV
added 2025/11/04 7:15 a.m.4 views

CVE-2025-20730

In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10068463; Issue ID: MSV-4141...

6.7CVSS5.8AI score0.00073EPSS
Exploits0References1
Metasploit
Metasploit
added 2025/10/30 6:54 p.m.491 views

NCR Command Center Agent Remote Code Execution

CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. The...

10CVSS8.1AI score0.87383EPSS
Exploits3
Packet Storm
Packet Storm
added 2025/10/30 12:0 a.m.208 views

📄 NCR Command Center Agent 16.3 Remote Code Execution

CMCAgent in NCR Command Center Agent version 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021...

10CVSS7.5AI score0.87383EPSS
Exploits3
EUVD
EUVD
added 2025/10/29 9:30 p.m.7 views

EUVD-2025-36710

Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in...

7.8CVSS6.9AI score0.00175EPSS
Exploits0References2
ICS
ICS
added 2025/10/16 6:0 a.m.7 views

Rockwell Automation FactoryTalk Linx

RISK EVALUATION Successful exploitation of these vulnerabilities may allow full access to all files, processes, and system resources. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also...

8.5CVSS6.5AI score0.00172EPSS
Exploits0References10
Rows per page
Query Builder