CVSS: 9.3 • EPSS: % • CPEs: 1 • EXPL: 0
CVE-2026-24071 – XPC Client Validation via PID leading to Local Privilege Escalation in Native Instruments Native Access
https://notcve.org/view.php?id=CVE-2026-24071
02 Feb 2026 — It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploited by PID reuse attacks. The connection handler function uses _xpc_connection_get_pid(arg2) as the argument for the hasValidSignature function. This value cannot be trusted since it is vulnerable to PID reuse attacks. • https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-native-instruments-native-access-macos • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.8 • EPSS: % • CPEs: 1 • EXPL: 0
CVE-2026-24070 – Local Privilege Escalation via DYLIB Injection in Native Instruments Native Access
https://notcve.org/view.php?id=CVE-2026-24070
02 Feb 2026 — During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC service of the privileged helper is only allowed if the client process is signed with the corresponding certificate and fulfills the following code signing requirement: "anchor trusted and certificate leaf[subject.CN] ... • https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-native-instruments-native-access-macos • CWE-426: Untrusted Search Path •
CVSS: 9.6 • EPSS: 0% • CPEs: - • EXPL: 0
CVE-2024-5386 – Account Hijacking via Password Reset Token Leak in lunary-ai/lunary
https://notcve.org/view.php?id=CVE-2024-5386
02 Feb 2026 — The issue results from an excessive attack surface, allowing lower-privileged users to escalate their privileges and take over accounts. • https://github.com/lunary-ai/lunary/commit/fc7ab3d5621c18992da5dab3a2a9a8d227d42311 • CWE-1125: Excessive Attack Surface •
CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2025-36184 – IBM Db2 Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-36184
30 Jan 2026 — IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalates their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level. • https://www.ibm.com/support/pages/node/7257519 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2025-36384 – IBM Db2 Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-36384
30 Jan 2026 — IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element. • https://www.ibm.com/support/pages/node/7257678 • CWE-428: Unquoted Search Path or Element •
CVSS: 6.7 • EPSS: 0% • CPEs: 2 • EXPL: 0
CVE-2026-25129 – PsySH has Local Privilege Escalation via CWD .psysh.php auto-load
https://notcve.org/view.php?id=CVE-2026-25129
30 Jan 2026 — When the victim runs PsySH with elevated privileges (e.g., root), this results in local privilege escalation. ... If a privileged user (e.g., root, a CI runner, or an ops/debug account) launches PsySH with CWD set to an attacker-writable directory containing a malicious `.psysh.php`, the attacker can execute commands with that privileged user’s permissions, resulting in local privilege escalation. ... If a privileged user runs Tinker while their shell is in an attacker-wri... • https://github.com/bobthecow/psysh/releases/tag/v0.11.23 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 1
CVE-2020-37060 – Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquoted Service Path
https://notcve.org/view.php?id=CVE-2020-37060
30 Jan 2026 — Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. • http://www.drive-software.com • CWE-428: Unquoted Search Path or Element •
CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2025-13176 – Local privilege escalation in ESET Inspect Connector for Windows
https://notcve.org/view.php?id=CVE-2025-13176
30 Jan 2026 — Planting a custom configuration file in ESET Inspect Connector allows loading a malicious DLL. • https://support.eset.com/en/ca8910-eset-customer-advisory-local-privilege-escalation-vulnerability-fixed-in-eset-inspect-connector-for-windows • CWE-269: Improper Privilege Management •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1
CVE-2026-1680 – Local Privilege Escalation in Local Admin Service
https://notcve.org/view.php?id=CVE-2026-1680
30 Jan 2026 — Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe named pipe, bypassing client-side group membership restrictions. • https://retest.dk/local-privilege-escalation-vulnerability-found-in-local-admin-service • CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 1
CVE-2020-37021 – Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path
https://notcve.org/view.php?id=CVE-2020-37021
29 Jan 2026 — 10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulnerability in multiple services that allows local attackers to escalate privileges. • https://www.10-strike.com • CWE-428: Unquoted Search Path or Element •
