Local privilege escalation in the sd command-line find-and-replace utility (versions 1.0.0 and earlier, by chmln) allows a local attacker to gain root privileges through a crafted command. The flaw stems from incorrect privilege assignment (CWE-266) and is exploitable locally with no authentication indicated by the CVSS vector (PR:N), yielding full confidentiality, integrity, and availability compromise. Publicly available exploit code exists (proof-of-concept gist), though the EPSS score is low at 0.18% (8th percentile), and the CVE is not listed in CISA KEV.
Bitdefender Total Security, Antivirus, Internet Security, and Endpoint Security Tools prior to version 27.0.47.241 allow local attackers with low privileges to execute arbitrary code as SYSTEM through a complex attack chain. The bdservicehost.exe service deletes files from C:\ProgramData\Atc\Feedback without validating symbolic links (CWE-59), enabling arbitrary file deletion that attackers chain with network-triggered file copy operations and filter driver bypass via DLL injection to achieve full privilege escalation. EPSS indicates 0.02% exploitation probability (6th percentile), and no public exploit code or active exploitation has been identified at time of analysis. Vendor has released patches addressing this multi-stage local escalation vector.
XML External Entity (XXE) injection in Adobe ColdFusion 2025.4, 2023.16, 2021.22 and earlier allows remote attackers to read arbitrary files from the server filesystem via maliciously crafted XML documents requiring user interaction. The vulnerability achieves scope change (CVSS S:C), meaning exploitation can affect resources beyond the vulnerable component. Adobe has released patches in APSB25-105. No confirmed active exploitation (CISA KEV) or public POC identified at time of analysis. EPSS data not available.
Denial of service in the Bluetooth firmware of the JXL 9-inch Car Android Double Din Player (Android v12.0) lets an attacker within Bluetooth range crash the head unit by sending a malformed Link Manager Protocol (LMP) packet. The flaw sits in the low-level Bluetooth baseband/link layer, so no pairing or user interaction is needed to disrupt availability of the in-vehicle infotainment system. There is no public exploit identified at time of analysis, and the EPSS probability is low (0.28%, 20th percentile), consistent with a niche automotive product rather than a mass-exploited target.
Privilege escalation in NomySoft Nomysem (versions through May 2025) allows remote attackers with low privileges to gain elevated rights by abusing improperly used privileged APIs. The CVSS 7.1 score reflects high attack complexity and required user interaction, and no public exploit identified at time of analysis tempers immediate risk despite the high impact ceiling.
Cross-site request forgery in 1Panel (versions 1.10.33 through 2.0.15) lets a remote attacker change the TCP port the web management service listens on by luring an authenticated administrator to a malicious webpage. Because the port-change endpoint has no anti-CSRF token or Origin/Referer checks, the victim's browser silently replays valid session cookies, moving the panel off its expected port and causing loss of access, denial of service, or unintended exposure on an attacker-chosen port. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the flaw is trivially craftable given the described missing defenses.
Account lockout denial-of-service in 1Panel (versions 1.10.33 through 2.0.15) allows a remote attacker to forcibly change an authenticated victim's username via a cross-site request forgery flaw in the Change Username endpoint at /settings/panel. Because the endpoint lacks anti-CSRF tokens and Origin/Referer validation, a victim who visits a malicious page while logged in unknowingly submits a username change with valid session cookies, after which they are logged out and locked out of their account. No public exploit identified at time of analysis; disclosed via a VulnCheck advisory with no CISA KEV listing and no EPSS data supplied.