T1068

Exploitation for Privilege Escalation


CVEs tagged with this technique (50)

CVE-2026-20131 🚨 CVSS 10.0 Cisco / Secure Firewall Management Center (FMC)
CVE-2026-20131 is a critical remote code execution vulnerability in Cisco Secure Firewall Management Center (FMC) Software, classified as insecure deserializati…
CVE-2026-22769 🚨 CVSS 10.0 Dell / RecoverPoint for Virtual Machines (RP4VMs)
Dell RecoverPoint for Virtual Machines versions prior to 6.0.3.1 HF1 contain a hardcoded credential vulnerability (CWE-798) allowing unauthenticated remote atta…
CVE-2026-10520 🚨 CVSS 10.0 ivanti / standalone_sentry
CVE-2026-10520 is a critical OS Command Injection vulnerability (CWE-78) in Ivanti Sentry versions prior to R10.5.2, R10.6.2, and R10.7.1. It allows a remote un…
CVE-2026-0300 🚨 CVSS 9.8 Palo Alto Networks / PAN-OS
CVE-2026-0300 is a critical buffer overflow vulnerability (CWE-787) in the User-ID Authentication Portal of Palo Alto Networks PAN-OS, allowing unauthenticated …
CVE-2026-20245 🚨 CVSS 7.8 Cisco / Catalyst SD-WAN Manager
CVE-2026-20245 is a command injection vulnerability in the CLI of Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) caused by insufficient validation of u…
CVE-2026-34926 🚨 CVSS 6.7 Trend Micro / Apex One
Trend Micro Apex One on-premise server contains a directory traversal vulnerability (CWE-23) allowing pre-authenticated local attackers with administrative acce…
CVE-2026-20133 🚨 CVSS 6.5 Cisco / Catalyst SD-WAN Manager
CVE-2026-20133 is a medium severity (CVSS 6.5) information disclosure vulnerability in Cisco Catalyst SD-WAN Software caused by insufficient file system restric…
CVE-2012-1854 🚨 Microsoft / Visual Basic for Applications (VBA)
CVE-2012-1854 is an untrusted search path vulnerability affecting Microsoft Office 2003 SP3, 2007 SP2/SP3, 2010 Gold/SP1, and the Summit Microsoft Visual Basic …
CVE-2025-60710 🚨 Microsoft / Windows
CVE-2025-60710 is a high-severity vulnerability in Microsoft Windows affecting the Host Process for Windows Tasks, allowing an authorized attacker to elevate pr…
CVE-2023-36424 🚨 Microsoft / Windows
CVE-2023-36424 is a HIGH severity vulnerability (CVSS 7.8) in Microsoft Windows involving the Common Log File System Driver, classified under CWE-125 (Out-of-bo…
CVE-2025-43510 🚨 Apple / Multiple Products
CVE-2025-43510 is a high-severity memory corruption vulnerability (CWE-667) affecting multiple Apple products including iOS, iPadOS, macOS, tvOS, visionOS, and …
CVE-2025-43520 🚨 Apple / Multiple Products
CVE-2025-43520 is a memory corruption vulnerability (CWE-120) affecting multiple Apple products including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The i…
CVE-2023-41974 🚨 Apple / iOS and iPadOS
CVE-2023-41974 is a memory corruption vulnerability (use-after-free) affecting Apple iOS and iPadOS, specifically impacting versions prior to iOS 17 and iPadOS …
CVE-2026-21385 🚨 Qualcomm / Multiple Chipsets
CVE-2026-21385 is a memory corruption vulnerability affecting Qualcomm multiple chipsets, classified under CWE-190. The vulnerability has a CVSS v3.1 score of 7…
CVE-2022-20775 🚨 Cisco / SD-WAN
CVE-2022-20775 is a high-severity vulnerability (CVSS 7.8) in Cisco SD-WAN Software affecting the CLI due to improper access controls. It allows an authenticate…
CVE-2025-15556 🚨 Notepad++ / Notepad++
Notepad++ versions prior to 8.8.9 contain an update integrity verification vulnerability (CWE-494) where the WinGUp updater fails to cryptographically verify do…
CVE-2026-20700 🚨 Apple / Multiple Products
CVE-2026-20700 is a high-severity memory corruption vulnerability (CWE-119) affecting Apple iOS, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS prior to versi…
CVE-2026-21533 🚨 Microsoft / Windows
CVE-2026-21533 is a high severity vulnerability (CVSS 7.8) in Microsoft Windows Remote Desktop, classified as improper privilege management (CWE-269) allowing l…
CVE-2026-21519 🚨 Microsoft / Windows
CVE-2026-21519 is a high-severity local privilege escalation vulnerability in Microsoft Windows Desktop Window Manager, classified as a type confusion issue (CW…
CVE-2018-14634 🚨 Linux / Kernel
CVE-2018-14634 is a local privilege escalation vulnerability in the Linux kernel affecting versions 2.6.x, 3.10.x, and 4.14.x. It stems from an integer overflow…
CVE-2026-23760 🚨 SmarterTools / SmarterMail
CVE-2026-23760 is a critical authentication bypass vulnerability in SmarterTools SmarterMail versions prior to build 9511, allowing unauthenticated attackers to…
CVE-2026-20045 🚨 Cisco / Unified Communications Manager
CVE-2026-20045 is a critical remote code execution vulnerability in Cisco Unified Communications Manager and related products, classified under CWE-94 due to im…
CVE-2025-20393 🚨 Cisco / Multiple Products
CVE-2025-20393 is a critical remote code execution vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cis…
CVE-2025-6218 🚨 RARLAB / WinRAR
CVE-2025-6218 is a high-severity (CVSS 7.8) directory traversal vulnerability in RARLAB WinRAR that allows remote code execution via crafted archive file paths.…
CVE-2025-62221 🚨 Microsoft / Windows
CVE-2025-62221 is a high-severity vulnerability in Microsoft Windows affecting the Cloud Files Mini Filter Driver, classified as a use-after-free memory corrupt…
CVE-2025-48633 🚨 Android / Framework
CVE-2025-48633 is a logic error in the hasAccountsOnAnyUser function of DevicePolicyManagerService.java within the Android Framework, allowing an attacker to ad…
CVE-2025-64446 🚨 Fortinet / FortiWeb
CVE-2025-64446 is a critical path traversal vulnerability (CWE-23) affecting Fortinet FortiWeb versions 8.0.0 through 8.0.1, 7.6.0 through 7.6.4, 7.4.0 through …
CVE-2025-62215 🚨 Microsoft / Windows
CVE-2025-62215 is a high-severity race condition vulnerability in the Windows Kernel that allows an authorized local attacker to elevate privileges. The issue s…
CVE-2025-9242 🚨 WatchGuard / Firebox
CVE-2025-9242 is a critical Out-of-bounds Write vulnerability (CWE-787) in WatchGuard Fireware OS affecting versions 11.10.2 through 11.12.4_Update1, 12.0 throu…
CVE-2025-41244 🚨 Broadcom / VMware Aria Operations and VMware Tools
CVE-2025-41244 is a local privilege escalation vulnerability affecting VMware Aria Operations and VMware Tools, classified under CWE-267 (Improper Privilege Man…
CVE-2025-59287 🚨 Microsoft / Windows
CVE-2025-59287 is a critical vulnerability in Microsoft Windows Server Update Service (WSUS) involving the deserialization of untrusted data, classified under C…
CVE-2025-47827 🚨 IGEL / IGEL OS
CVE-2025-47827 affects IGEL OS versions prior to 11, allowing a Secure Boot bypass due to improper cryptographic signature verification in the igel-flash-driver…
CVE-2025-59230 🚨 Microsoft / Windows
CVE-2025-59230 is a high-severity vulnerability (CVSS 7.8) in Microsoft Windows Remote Access Connection Manager, classified as an improper access control issue…
CVE-2021-43226 🚨 Microsoft / Windows
CVE-2021-43226 is a high-severity elevation of privilege vulnerability affecting the Windows Common Log File System Driver. The vulnerability allows an attacker…
CVE-2025-4008 🚨 Smartbedded / Meteobridge
CVE-2025-4008 affects the Meteobridge web interface, a system for managing weather station data collection via CGI shell scripts and C. The vulnerability allows…
CVE-2025-32463 🚨 Sudo / Sudo
CVE-2025-32463 is a critical privilege escalation vulnerability in Sudo versions prior to 1.9.17p1, allowing local users to obtain root access by exploiting the…
CVE-2019-0211 🚨 Apache / HTTP Server
CVE-2019-0211 is a high-severity privilege escalation vulnerability in Apache HTTP Server versions 2.4.17 through 2.4.38 affecting non-Unix systems. It allows c…
CVE-2023-20109 🚨 Cisco / IOS and IOS XE
CVE-2023-20109 is a memory corruption vulnerability (CWE-787) in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS and IOS XE Software, all…
CVE-2025-20352 🚨 Cisco / IOS and IOS XE
CVE-2025-20352 is a stack overflow vulnerability in the SNMP subsystem of Cisco IOS and IOS XE Software, classified under CWE-121. It carries a CVSS v3.1 score …
CVE-2025-53770 🚨 Microsoft / SharePoint
CVE-2025-53770 is a critical deserialization vulnerability (CWE-502) in on-premises Microsoft SharePoint Server that allows unauthorized remote code execution o…
CVE-2023-0386 🚨 Linux / Kernel
CVE-2023-0386 is a local privilege escalation vulnerability in the Linux kernel's OverlayFS subsystem, classified under CWE-282 (Improper Neutralization of Dire…
CVE-2025-21479 🚨 Qualcomm / Multiple Chipsets
CVE-2025-21479 is a high-severity memory corruption vulnerability (CWE-863) affecting Qualcomm multiple chipsets, caused by unauthorized command execution in th…
CVE-2025-21480 🚨 Qualcomm / Multiple Chipsets
CVE-2025-21480 is a memory corruption vulnerability in Qualcomm multiple chipsets caused by unauthorized command execution in the GPU micronode. The issue is cl…
CVE-2025-4632 🚨 Samsung / MagicINFO 9 Server
CVE-2025-4632 is a critical path traversal vulnerability (CWE-22) in Samsung MagicINFO 9 Server versions prior to 21.1052, allowing attackers to write arbitrary…
CVE-2025-32709 🚨 Microsoft / Windows
CVE-2025-32709 is a high-severity local privilege escalation vulnerability in the Windows Ancillary Function Driver for WinSock, classified as a null pointer de…
CVE-2025-32706 🚨 Microsoft / Windows
CVE-2025-32706 is a high-severity local privilege escalation vulnerability in the Windows Common Log File System Driver, classified under CWE-20 for improper in…
CVE-2025-32701 🚨 Microsoft / Windows
CVE-2025-32701 is a high-severity (CVSS 7.8) memory corruption vulnerability classified as CWE-416 (Use After Free) within the Windows Common Log File System Dr…
CVE-2025-30400 🚨 Microsoft / Windows
CVE-2025-30400 is a high-severity (CVSS 7.8) memory corruption vulnerability classified as CWE-416 (Use After Free) affecting Microsoft Windows. The flaw reside…
CVE-2025-1976 🚨 Broadcom / Brocade Fabric OS
CVE-2025-1976 affects Broadcom Brocade Fabric OS versions 9.1.0 through 9.1.1d6, allowing a local user with admin privileges to execute arbitrary code with full…
CVE-2025-42599 🚨 Qualitia / Active! Mail
CVE-2025-42599 is a critical stack-based buffer overflow (CWE-121) in Active! Mail versions 6 BuildInfo 6.60.05008561 and earlier, allowing remote unauthenticat…

Articles tagged with T1068 (30)

MEDIUM
[NEW] [medium] xwiki (Live Data): Vulnerability allows privilege escalation
BSI Germany · 2026-06-12
CRITICAL
USN-8426-1: Linux kernel (Azure) vulnerabilities
Ubuntu Security · 2026-06-11
HIGH
OnyxC2 stealer sold as a service targets over 210 applications
SC Media · 2026-06-11
HIGH
Cybercriminals Use Fake AI Guides and Dev Tools to Spread AsyncRAT Malware
Infosecurity Magazine · 2026-06-11
HIGH
[UPDATE] [medium] Red Hat Enterprise Linux (NetworkManager-libreswan): Vulnerability allows privilege escalation
BSI Germany · 2026-06-11
MEDIUM
[NEW] [medium] Symantec Endpoint Protection (CleanWipe Removal Tool): Vulnerability allows gaining administrator rights
BSI Germany · 2026-06-11
HIGH
[NEW] [high] Jenkins: Multiple vulnerabilities
BSI Germany · 2026-06-11
CRITICAL
[NEW] [high] n8n: Multiple vulnerabilities
BSI Germany · 2026-06-11
MEDIUM
[NEW] [medium] Palo Alto Networks PAN-OS: Multiple vulnerabilities
BSI Germany · 2026-06-11
HIGH
Angry bug hunter with Microsoft beef drops new Windows 0-day
The Register Security · 2026-06-10
HIGH
New SilabRAT Trojan Hijacks Sessions to Steal Crypto
Infosecurity Magazine · 2026-06-10
HIGH
Microsoft feud escalates as researcher drops new Windows zero-day
CSO Online · 2026-06-10
CRITICAL
New Windows Zero-Day Exploit ‘RoguePlanet’ Released
SecurityWeek · 2026-06-10
HIGH
[NEW] [medium] FreeBSD Project FreeBSD OS: Multiple vulnerabilities
BSI Germany · 2026-06-10
CRITICAL
Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days
BleepingComputer · 2026-06-10
MEDIUM
[UPDATE] [medium] QEMU: Vulnerability allows privilege escalation
BSI Germany · 2026-06-10
HIGH
[NEW] [high] QEMU: Vulnerability allows privilege escalation
BSI Germany · 2026-06-10
MEDIUM
[NEW] [medium] Dell Client Platform BIOS: Vulnerability allows privilege escalation
BSI Germany · 2026-06-10
HIGH
[NEW] [medium] Omnissa Workspace ONE Assist (macOS): Vulnerability allows privilege escalation
BSI Germany · 2026-06-10
MEDIUM
[NEW] [medium] Microsoft Defender for Endpoint: Vulnerability allows privilege escalation
BSI Germany · 2026-06-10
CRITICAL
Ivanti: Max severity Sentry flaw allows code execution as root
BleepingComputer · 2026-06-10
HIGH
[NEW] [high] Microsoft Dynamics 365 (On-Premises): Vulnerability allows gaining administrator rights
BSI Germany · 2026-06-10
HIGH
[NEW] [high] Zoom Video Communications Workplace: Multiple vulnerabilities allow privilege escalation
BSI Germany · 2026-06-10
MEDIUM
Vulnerability in PostgreSQL (10 June 2026)
CERT-FR (ANSSI) · 2026-06-10
HIGH
Vulnerability in FreeBSD (10 June 2026)
CERT-FR (ANSSI) · 2026-06-10
CRITICAL
Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges
BleepingComputer · 2026-06-09
HIGH
AI-driven computer worm demonstrates autonomous network exploitation
SC Media · 2026-06-09
HIGH
High-severity vulnerability in Linux caused by a single errant character
Ars Technica Security · 2026-06-09
HIGH
Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation
SecurityWeek · 2026-06-09
CRITICAL
Cisco customers encounter another SD-WAN zero-day under attack
CyberScoop · 2026-06-09