289 matches found
CVE-2019-25764
UNSUPPORTED WHEN ASSIGNED Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ...
CVE-2019-25764
UNSUPPORTED WHEN ASSIGNED Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ...
CVE-2026-55881
OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returned 15-second presigned S3 download URLs for a session's DOM-replay recording based solely on the session path parameter, while validateProjectAccess checked only that the project belonged to the...
CVE-2026-12408 Slim SEO <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via 'object.ID' Parameter
The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the /wp-json/slim-seo/meta-tags/ai REST API endpoint. This is due to the endpoint's permissioncallback performin...
CVE-2026-56129
Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory...
CVE-2026-56129
CVE-2026-56129 concerns a vulnerability in a Generic IO & Memory Access driver for PCs from Toshiba Corporation and Dynabook Inc. that exposes its IOCTL with insufficient access control. The flaw enables a logged-in user with no administrative privilege to access physical memory through the drive...
CVE-2026-48616
Rocket.Chat versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, 7.10.13 has an access control vulnerability in Livechat files. Protected file downloads at /file-upload/:fileId/:name authorize livechat access using rcroomtype=l with rcrid+rctoken, but the authorization path does not verify...
CVE-2026-9789
A Local Privilege Escalation LPE vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List ACL. This allows any authenticated local user to connect and send...
CVE-2026-6274
Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...
Redline WR3200 安全漏洞
The Redline WR3200 is a Wi-Fi 4 router from the Turkish company Redline, capable of supporting 300Mbps wireless transmission. The Redline WR3200 versions from 7.1.3 to 7.1.8 have security vulnerabilities. These vulnerabilities stem from improper authentication, lack of authentication for critical...
CVE-2026-9789
A Local Privilege Escalation LPE vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List ACL. This allows any authenticated local user to connect and send...
CVE-2026-9789
The CVE-2026-9789 entry describes a Local Privilege Escalation affecting Acer NitroSense software prior to 3.01.3052. The root cause is a PSAdminAgent service that creates a Named Pipe with a weak ACL, allowing any authenticated local user to connect and issue commands. The service does not verif...
CVE-2026-9789 NitroSense V3: Security Vulnerability Information
A Local Privilege Escalation LPE vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List ACL. This allows any authenticated local user to connect and send...
CVE-2026-9789 NitroSense V3: Security Vulnerability Information
A Local Privilege Escalation LPE vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List ACL. This allows any authenticated local user to connect and send...
EUVD-2026-32700
A Local Privilege Escalation LPE vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List ACL. This allows any authenticated local user to connect and send...
CVE-2026-9789
A Local Privilege Escalation LPE vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List ACL. This allows any authenticated local user to connect and send...
Acer NitroSense 安全漏洞
Acer NitroSense is a gaming device performance management software developed by Acer of Taiwan, China. Versions of Acer NitroSense prior to 3.01.3052 contained security vulnerabilities. These vulnerabilities stemmed from the PSAdminAgent service creating named pipes with weak access control lists...
PT-2026-44171
A Local Privilege Escalation LPE vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List ACL. This allows any authenticated local user to connect and send...
Why Outdated Maintenance Software Is a Growing Ransomware Risk
Outdated maintenance software increases ransomware risk by exposing weak access controls, unpatched systems, and critical operational data to attackers...
HCL BigFix Service Management 日志信息泄露漏洞
HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a vulnerability related to log information leakage. This vulnerability stems from ineffective access control, which may lead to unauthoriz...