832 matches found
CVE-2023-53946
Affected software: Arcsoft PhotoStudio 6.0.0.172. Vulnerability: unquoted service path in the ArcSoft Exchange Service that can be exploited by local attackers to escalate privileges by placing a malicious executable in the unquoted path, triggering code execution with system-level permissions. I...
Microsoft Windows win32kbase Out-Of-Bounds Access Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kbase...
CVE-2025-20774
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4796...
Logic Encryption: This Time for Real
Modern circuits face various threats like reverse engineering, theft of intellectual property IP, side-channel attacks, etc. Here, we present a novel approach for IP protection based on logic encryption LE. Unlike established schemes for logic locking, our work obfuscates the circuit's structure...
📄 Microsoft Windows 10 21H2 / 22H2 Kernel Race Condition / Privilege Escalation
Proof of concept exploit for a kernel race condition in Microsoft Windows 10 versions 21H2 and 22H2. Combined with a double-free memory corrupt issue, it allows for privilege escalation...
Matrix Push C2 abuses browser notifications to deliver phishing and malware
Cybercriminals are using browser push notifications to deliver malware and phishing attacks. Researchers at BlackFog described how a new command-and-control platform, called Matrix Push C2, uses browser push notifications to reach potential victims. When we warned back in 2019 that browser push...
CVE-2025-62630
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions...
CVE-2025-62630
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions...
CVE-2025-62630 Advantech DeviceOn/iEdge Path Traversal
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions...
CVE-2025-62630
Summary (CVE-2025-62630 – Advantech DeviceOn/iEdge) : A path traversal vulnerability exists due to insufficient sanitization in the DeviceOn/iEdge dashboard label/path, enabling an unauthenticated attacker to upload a crafted configuration file, traverse directories, and trigger remote code execu...
CVE-2025-10885 Privilege Escalation Vulnerability
A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM...
PT-2025-45390
Name of the Vulnerable Software and Affected Versions affected versions not specified Description Insufficient sanitization allows an attacker to upload a specially crafted configuration file, leading to directory traversal and remote code execution with system-level permissions. Recommendations ...
CVE-2025-62225
The vulnerability CVE-2025-62225 affects Sony Optical Disc Archive Software (Windows). The root cause is an unquoted Windows service path, which allows a user with write access to the system drive root to execute arbitrary code with SYSTEM privileges. Affected component is the Windows service reg...
CVE-2025-20749
In charger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915493; Issue ID: MSV-3800...
CVE-2025-20736
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00435347; Issue ID: MSV-404...
CVE-2025-20730
In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10068463; Issue ID: MSV-4141...
NCR Command Center Agent Remote Code Execution
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. The...
📄 NCR Command Center Agent 16.3 Remote Code Execution
CMCAgent in NCR Command Center Agent version 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021...
EUVD-2025-36710
Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in...
Rockwell Automation FactoryTalk Linx
RISK EVALUATION Successful exploitation of these vulnerabilities may allow full access to all files, processes, and system resources. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also...