Page 5 of 3812 results (0.028 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

09 May 2025 — Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64 allows local attackers to gain system-level privileges via arbitrary file deletion • https://www.gendigital.com/us/en/contact-us/security-advisories/) • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

09 May 2025 — Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via the creation of a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. • https://www.gendigital.com/us/en/contact-us/security-advisories • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0

09 May 2025 — A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod. • https://access.redhat.com/security/cve/CVE-2025-3528 • CWE-276: Incorrect Default Permissions •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

07 May 2025 — IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that can be controlled by a low-privileged user. • https://ixon-cloud.my.salesforce.com/sfc/p/#1t000000vlSF/a/TX000000DQmH/WRGwuYg2iMsKX6NAIK3MygCUOlg0SPQ..YvGWrwfNeM • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

07 May 2025 — IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a low-privileged user. • https://ixon-cloud.my.salesforce.com/sfc/p/#1t000000vlSF/a/TX000000DQmH/WRGwuYg2iMsKX6NAIK3MygCUOlg0SPQ..YvGWrwfNeM • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.4EPSS: 0%CPEs: -EXPL: 0

07 May 2025 — Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components • https://gist.github.com/unklerunkle/73e2ab58d1a5b9129be5de55765ea4fe • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0

06 May 2025 — An issue in the component /internals/functions of R-fx Networks Linux Malware Detect v1.6.5 allows attackers to escalate privileges and execute arbitrary code via supplying a file that contains a crafted filename. • https://github.com/rfxn/linux-malware-detect • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

01 May 2025 — This vulnerability allows remote attackers to escalate privileges on affected installations of Webmin. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. •

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0

30 Apr 2025 — GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. An attacker can leverage this vulnerability to escalate ... • https://www.zerodayinitiative.com/advisories/ZDI-25-268 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

29 Apr 2025 — An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. • https://bugzilla.mozilla.org/show_bug.cgi?id=1915280 • CWE-269: Improper Privilege Management •