
CVE-2025-31285
https://notcve.org/view.php?id=CVE-2025-31285
02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •

CVE-2025-31284
https://notcve.org/view.php?id=CVE-2025-31284
02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •

CVE-2025-31283
https://notcve.org/view.php?id=CVE-2025-31283
02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •

CVE-2025-31282
https://notcve.org/view.php?id=CVE-2025-31282
02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •

CVE-2025-22231 – VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)
https://notcve.org/view.php?id=CVE-2025-22231
01 Apr 2025 — VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25541 • CWE-269: Improper Privilege Management •

CVE-2025-0416 – Valmet DNA Local privilege escalation through insecure DCOM configuration
https://notcve.org/view.php?id=CVE-2025-0416
01 Apr 2025 — Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. Th... • https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0416 • CWE-269: Improper Privilege Management •

CVE-2025-29033
https://notcve.org/view.php?id=CVE-2025-29033
01 Apr 2025 — An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges via the /saml/index.php? • https://github.com/nikolas-ch/CVEs/tree/main/Bamboohr_25.0210.170831-83b08dd/OpenRedirect •

CVE-2025-29036
https://notcve.org/view.php?id=CVE-2025-29036
01 Apr 2025 — An issue in hackathon-starter v.8.1.0 allows a remote attacker to escalate privileges via the user.js component. • https://github.com/HypeDuke/vulnerable-research/blob/main/CVE-2025-29036 •

CVE-2025-24256 – Apple macOS AppleIntelKBLGraphics Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24256
31 Mar 2025 — This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. • https://support.apple.com/en-us/122373 • CWE-125: Out-of-bounds Read •

CVE-2025-22937
https://notcve.org/view.php?id=CVE-2025-22937
31 Mar 2025 — An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalate privileges via unspecified vectors. • https://drive.google.com/file/d/1levaZk5aC6g6a2zPW8xlOIVAu9MFYvAz/view • CWE-269: Improper Privilege Management •