Local Privilege Escalation

Multiple vulnerabilities, including CVE-2026-45257 (kernel out-of-bounds write) and CVE-2026-49413 (Linux compatibility layer memory mapping), exist in FreeBSD branches 14 and 15, allowing a local unprivileged attacker to achieve privilege escalation.

CodexBar versions prior to 0.32.0 are vulnerable to insecure temporary file handling, allowing local attackers to access sensitive credentials or tamper with build artifacts due to predictable file paths in the release notarization workflow.

SocuSoft iPod Photo Slideshow 8.05 contains a stack-based buffer overflow vulnerability (CVE-2018-25375) in the registration dialog, allowing a local attacker to execute arbitrary code by overwriting the structured exception handler via crafted input.

SIPp 3.6 and earlier contains a local buffer overflow vulnerability (CVE-2018-25356) in command-line argument handling, allowing local attackers to potentially crash the application or execute arbitrary code by supplying oversized input to the -3pcc, -i, or -log_file parameters.

VX Search 10.6.18 contains a local buffer overflow vulnerability (CVE-2018-25328) that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field, leading to arbitrary code execution with application privileges.

Atomic Alarm Clock 6.3 is vulnerable to a stack overflow, allowing local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Clock configuration (CVE-2020-37221).

Radare2 versions prior to 6.1.4 are vulnerable to a path traversal in project deletion, allowing local attackers to recursively delete arbitrary directories by escaping the 'dir.projects' root, leading to integrity and availability loss.

CVE-2026-32221 is a heap-based buffer overflow vulnerability in the Microsoft Graphics Component, allowing a local attacker to execute arbitrary code.

Easy Video to iPod Converter 1.6.20 is vulnerable to a local buffer overflow in the user registration field, allowing a local attacker to overwrite the structured exception handler (SEH) by providing a crafted payload exceeding 996 bytes in the username field, potentially leading to arbitrary code execution with user privileges.

A local attacker can exploit a vulnerability in Vim to execute arbitrary code on a vulnerable system.

Flat Assembler version 1.71.21 is susceptible to a stack-based buffer overflow vulnerability, allowing local attackers to achieve arbitrary code execution by providing a crafted, oversized input file.

PInfo version 0.6.9-5.1 is susceptible to a local buffer overflow vulnerability, enabling local attackers to execute arbitrary code by providing an overly large argument to the '-m' parameter, ultimately allowing for shellcode execution with user privileges.

TiEmu 3.03 is vulnerable to a buffer overflow in ROM parameter handling, enabling local attackers to crash the application or execute arbitrary code by providing an oversized ROM parameter via the command-line interface.

FlexHEX 2.71 is vulnerable to a local buffer overflow in the Stream Name field, allowing local attackers to execute arbitrary code via a structured exception handler (SEH) overflow.

Lavavo CD Ripper 4.20 is vulnerable to a structured exception handling (SEH) buffer overflow, allowing local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field leading to arbitrary code execution and a bind shell.

Admin Express 1.2.5.485 is susceptible to a local structured exception handling buffer overflow vulnerability, enabling local attackers to execute arbitrary code via a crafted payload in the Folder Path field of the System Compare feature.

A local privilege escalation vulnerability exists in Windows 11 24H2, Windows 11 25H2, and Windows Server 2022 23H2 due to improper handling of untrusted pointers in HTTP.sys via strcat truncation.

A local privilege escalation vulnerability exists in the Linux Kernel versions ~3.14+ through 6.18-rc5 due to a use-after-free in the proc_readdir_de() function, where a concurrent traversal can dereference a freed entry's fields during network device unregistration, leading to privilege escalation via modprobe_path overwrite.