Page 5 of 4825 results (0.008 seconds)

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. ... An attacker can leverage this vuln... • https://helpcenter.trendmicro.com/en-us/article/TMKA-12917 • CWE-64: Windows Shortcut Following (.LNK) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. ... This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Endpoint Encryption. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://success.trendmicro.com/en-US/solution/KA-0019928 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. • https://www.zerodayinitiative.com/advisories/ZDI-25-351 • CWE-1326: Missing Immutable Root of Trust in Hardware •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

10 Jun 2025 — The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. ... As a result, any local process can establish a connection to the helper and invoke privileged functionality, leading to unauthorized execution of actions with root-level privileges. • https://pentraze.com • CWE-306: Missing Authentication for Critical Function •

CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0

10 Jun 2025 — Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33075 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0

10 Jun 2025 — Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32714 • CWE-284: Improper Access Control •

CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0

09 Jun 2025 — An issue in KeeperChat IOS Application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module • https://github.com/SahilDabhilkar/CVE-Reference/blob/main/CVE-2025-29627.md • CWE-287: Improper Authentication •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

09 Jun 2025 — This allows attackers to escalate privileges by creating a new administrator account. • https://github.com/Silverpeas/Silverpeas-Core/pull/1394 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

05 Jun 2025 — The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. • https://support.hp.com/us-en/document/ish_12617979-12618008-16/hpsbgn04022 • CWE-281: Improper Preservation of Permissions •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

04 Jun 2025 — Local privilege escalation due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-8000 • CWE-732: Incorrect Permission Assignment for Critical Resource •