CVE-2026-0143

The CVE-2026-0143 entry describes a memory corruption vulnerability in the Linux Wireless Interface Subsystem (lwis) code path: lwis_device_external_event_emit in lwis_event.c. A use-after-free condition could lead to local escalation of privilege with System execution privileges required, and ex...

CVE-2026-22676

Barracuda RMM prior to version 2025.2.2 is affected by a privilege-escalation vulnerability. Local attackers can leverage overly permissive ACLs on C:\Windows\Automation to modify existing automation content or drop attacker-controlled files that are executed during routine automation cycles unde...

CVE-2019-25568 Memu Play 6.0.7 Privilege Escalation via Insecure File Permissions

Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by replacing the MemuService.exe executable. Attackers can rename and overwrite MemuService.exe in the installation directory with a malicious executable, which executes with...

CVE-2019-25568

Memu Play 6.0.7 contains an insecure file-permissions vulnerability that enables privilege escalation by replacing MemuService.exe in the installation directory with a malicious executable. An attacker can rename/overwrite MemuService.exe, causing the service to run at system level upon reboot. T...

CVE-2026-20424

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5540...

PT-2026-7075

Products provided by Oki Electric Industry Co., Ltd. and its OEM products Ricoh Co., Ltd., Murata Machinery, Ltd. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2021-47822

DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path locations to gain system-level...

EUVD-2025-204595

OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges...

EUVD-2021-24935

Malware in sbrugna...

EUVD-2012-6578

Malware in sbrugna...

EUVD-2020-29875

Malware in sbrugna...

EUVD-2020-29446

Malware in sbrugna...

EUVD-1999-1395

Malware in sbrugna...

EUVD-2023-31853

Malicious code in bioql PyPI...

EUVD-2025-21813

Malicious code in bioql PyPI...

EUVD-2025-16169

Malicious code in bioql PyPI...

CVE-2025-43491

A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which might lead to SYSTEM level privileges being granted...

CVE-2025-36908

In lwistopregisterio of lwisdevicetop.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-36908

In lwistopregisterio of lwisdevicetop.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

CVE-2012-10030

FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, and imposes no restrictions on file type or...