Tag

#Privilege Escalation

CVE-2026-56396: phpMyFAQ Privilege Escalation Vulnerability

A vulnerability in phpMyFAQ before version 4.1.4 allows authenticated administrators to escalate privileges due to missing authorization in the editUser() and updateUserRights() endpoints. Non-SuperAdmin users with edit_user permission can exploit this to gain SuperAdmin access. The vulnerability has a CVSS score of 8.8.

Jun 22, 20261 source

articleHIGH 7.8

CVE-2026-12786: Local Privilege Escalation in Ezbsystems UltraISO Premium Edition

A vulnerability in Ezbsystems UltraISO Premium Edition up to version 9.76 allows local attackers to escalate privileges due to improper access controls in the kernel driver bootpt64.sys. The vulnerability has a CVSS score of 7.8 and requires local access to exploit. While not actively exploited, the exploit has been disclosed publicly. Immediate patching or mitigation is recommended.

Jun 21, 20261 source