
type:lpe — CVE vulnerabilities tagged 3231

3231 CVE security advisories tagged "type:lpe" with AI Chinese analysis, CVSS, references and POCs.

The tag "type:lpe" identifies Local Privilege Escalation vulnerabilities, a critical security flaw where an attacker with limited user access exploits system weaknesses to gain elevated administrative rights. This matters significantly because it allows malicious actors to bypass standard security controls, potentially accessing sensitive data, installing malware, or compromising the entire system from a low-privilege entry point. Typical scenarios involve exploiting bugs in kernel code, misconfigured permissions, or vulnerable system services that improperly validate user inputs. Since many initial breaches start with low-level access, such as phishing or web exploits, LPE serves as a vital second stage for attackers aiming for full system control. Understanding these vulnerabilities is essential for developers to implement proper access controls and for administrators to patch systems promptly, thereby preventing lateral movement and maintaining overall infrastructure integrity against sophisticated threat actors.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-37255 | WordPress Time Capsule Plugin 1.21.16 Authentication Bypass — Time Capsule Plugin (CWE-288) | 7.5 | High | 2026-06-20 |
| CVE-2026-12673 | Liquidfiles versions below 4.2.12 authorization bypass vulnerability — liquidfiles (CWE-285) | - | - | 2026-06-20 |
| CVE-2026-11551 | Branda – White Label & Branding, Free Login Page Customizer <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover — Branda – White Label & Branding, Free Login Page Customizer (CWE-640) | 9.8 | Critical | 2026-06-19 |
| CVE-2026-47645 | Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability — Microsoft 365 Copilot (CWE-601) | 8.8 | High | 2026-06-19 |
| CVE-2026-32208 | Microsoft Edge (Chromium-based) Spoofing Vulnerability — Microsoft Edge (Chromium-based) (CWE-79) | 8.8 | High | 2026-06-19 |
| CVE-2026-48129 | Kestra task inputFiles accepts traversal filenames for worker file writes — kestra (CWE-22) | 6.5 | Medium | 2026-06-19 |
| CVE-2026-49291 | mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call — mcp-memory-service (CWE-862) | 8.1 | High | 2026-06-19 |
| CVE-2025-71326 | AVAST Antivirus 25.11 Unquoted Service Path Privilege Escalation — AVAST Antivirus (CWE-428) | 7.8 | High | 2026-06-19 |
| CVE-2023-54353 | Chromacam 4.0.3.0 Unquoted Service Path Privilege Escalation — Chromacam (CWE-428) | 7.8 | High | 2026-06-19 |
| CVE-2022-50971 | Malwarebytes 4.5 Unquoted Service Path Privilege Escalation — Malwarebytes (CWE-428) | 7.8 | High | 2026-06-19 |
| CVE-2021-47985 | Brother SAPSprint 7.60 Unquoted Service Path Privilege Escalation — SAPSprint (CWE-428) | 7.8 | High | 2026-06-19 |
| CVE-2020-37254 | Wondershare PDFelement 5.2.9 Privilege Escalation via Unquoted Service Path — PDFelement (CWE-428) | 7.8 | High | 2026-06-19 |
| CVE-2020-37252 | Realtek Audio Service 1.0.0.55 Unquoted Service Path Privilege Escalation — Realtek Audio Service (CWE-428) | 7.8 | High | 2026-06-19 |
| CVE-2020-37253 | Winstep 18.06.0096 Unquoted Service Path Privilege Escalation — Winstep (CWE-428) | 7.8 | High | 2026-06-19 |
| CVE-2020-37251 | RealTimes Desktop Service 18.1.4 Unquoted Service Path Privilege Escalation — RealTimes Desktop Service (CWE-428) | 7.8 | High | 2026-06-19 |
| CVE-2020-37250 | TFTP Broadband 4.3.0.1465 Unquoted Service Path Privilege Escalation — TFTP Broadband (CWE-428) | 7.8 | High | 2026-06-19 |
| CVE-2019-25747 | Network Inventory Advisor 5.0.26.0 Unquoted Service Path Privilege Escalation — Network Inventory Advisor (CWE-428) | 7.8 | High | 2026-06-19 |
| CVE-2016-20095 | Matrix42 Remote Control Host 3.20.0031 Unquoted Path Privilege Escalation — Matrix42 Remote Control Host (CWE-428) | 7.8 | High | 2026-06-19 |
| CVE-2016-20094 | AnyDesk 2.5.0 Unquoted Service Path Elevation of Privilege — AnyDesk (CWE-428) | 7.8 | High | 2026-06-19 |
| CVE-2016-20093 | Wise Care 365 4.27 and Wise Disk Cleaner 9.29 Unquoted Service Path Privilege Escalation — Wisecleaner (CWE-428) | 7.8 | High | 2026-06-19 |
| CVE-2016-20092 | NetDrive 2.6.12 Unquoted Service Path Elevation of Privilege — NetDrive (CWE-428) | 7.8 | High | 2026-06-19 |
| CVE-2016-20091 | Windows Firewall Control 4.8.6.0 Unquoted Service Path Privilege Escalation — Windows Firewall Control (CWE-428) | 7.8 | High | 2026-06-19 |
| CVE-2016-20090 | Comodo Dragon Browser 52.15.25.663 Privilege Escalation via Unquoted Service Path — Dragon Browser (CWE-428) | 7.8 | High | 2026-06-19 |
| CVE-2016-20088 | Comodo Chromodo Browser 52.15.25.664 Unquoted Service Path Privilege Escalation — Chromodo Browser (CWE-428) | 7.8 | High | 2026-06-19 |
| CVE-2016-20086 | Vembu StoreGrid 4.0 Unquoted Service Path Privilege Escalation — Vembu StoreGrid (CWE-428) | 7.8 | High | 2026-06-19 |
| CVE-2016-20087 | Fortitude HTTP 1.0.4.0 Unquoted Service Path Elevation of Privilege — Fortitude HTTP (CWE-428) | 7.8 | High | 2026-06-19 |
| CVE-2026-12104 | Authenticated OS Command Injection in Bondix — Bondix Server (CWE-78) | - | - | 2026-06-19 |
| CVE-2026-4026 | FlexNet Manager Suite Privilege Escalation Vulnerability — FlexNet Manager Suite (CWE-284) | - | - | 2026-06-19 |
| CVE-2026-46461 | Dell SHM < 3.2.2 privilege escalation vulnerability — Server Hardware Manager (CWE-284) | 7.8 | High | 2026-06-19 |
| CVE-2026-51843 | Tenda AC7 v15.03.06.44 remote stack overflow vulnerability — n/a | - | - | 2026-06-19 |

Vulnerabilities classified as type:lpe represent 3231 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.