Vo Duc Thang (ugvxb)

2 exploits Active since May 2026
CVE-2026-9789 GITHUB HIGH python WORKING POC
NitroSense V3: Security Vulnerability Information
A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List (ACL). This allows any authenticated local user to connect and send commands. Because the service does not check the caller's privileges before running file deletion commands, a low-privileged local user can exploit this to delete arbitrary files with system authority.
1 stars
CVE-2026-9490 GITHUB MEDIUM python WORKING POC
Acer Care Center creates a Named Pipe with a weak Security Descriptor
A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message (message type 0x03) to the pipe, causing the service to crash with exit code 1067 (ERROR_PROCESS_ABORTED). To mitigate this potential local service disruption, Acer requires users to update the software to the latest version.
1 stars
CVSS 5.5