Page 4 of 4825 results (0.008 seconds)

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — A local, non-privileged user who can write to the folder containing clip_share.exe can place malicious DLLs there, leading to arbitrary code execution in the context of the server, and, if launched by an Administrator (or another elevated user), it results in a reliable local privilege escalation. • https://github.com/thevindu-w/clip_share_server/security/advisories/GHSA-rc47-h83g-2r8j • CWE-427: Uncontrolled Search Path Element •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program. • https://www.ibm.com/support/pages/node/7236356 • CWE-277: Insecure Inherited Permissions •

CVSS: 9.5EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks. • https://pentraze.com • CWE-20: Improper Input Validation CWE-73: External Control of File Name or Path •

CVSS: 9.5EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks. • https://github.com/wazuh/wazuh/security/advisories/GHSA-3crh-39qv-fxj7 • CWE-20: Improper Input Validation CWE-73: External Control of File Name or Path •

CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0

11 Jun 2025 — A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

11 Jun 2025 — A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-269: Improper Privilege Management •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. ... This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Endpoint Encryption. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://success.trendmicro.com/en-US/solution/KA-0019928 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — This vulnerability allows remote attackers to escalate privileges on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. This vulnerability allows remote attackers to escalate privileges on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. An attacker can leverage this vulnerability ... • https://www.zerodayinitiative.com/advisories/ZDI-25-340 • CWE-863: Incorrect Authorization •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. ... This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Endpoint Encryption. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://success.trendmicro.com/en-US/solution/KA-0019928 • CWE-242: Use of Inherently Dangerous Function •

CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0

11 Jun 2025 — An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-427: Uncontrolled Search Path Element •