
CVE-2025-36630 – Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-36630
01 Jul 2025 — In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. • https://www.tenable.com/security/tns-2025-13 • CWE-269: Improper Privilege Management •

CVE-2025-32462 – sudo: LPE via host option
https://notcve.org/view.php?id=CVE-2025-32462
30 Jun 2025 — In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option (`-h` or `--host`). ... However, this restriction can be bypassed, allowing a user to elevate their privileges on one system to the privileges they may have on a different system, effectively ignoring the host identifier in any sudoers rules. ... Rich Mirch discovered that sudo, a program designed to provide limited super user privileges to specific users, does not correctly... • https://www.openwall.com/lists/oss-security/2025/06/30/2 • CWE-863: Incorrect Authorization •

CVE-2025-24290
https://notcve.org/view.php?id=CVE-2025-24290
29 Jun 2025 — Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges. • https://community.ui.com/releases/Security-Advisory-Bulletin-048-048/af007d99-bb6d-4368-a12f-75e84de19e8d • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-28906 – Command injection in networking service
https://notcve.org/view.php?id=CVE-2023-28906
28 Jun 2025 — A command injection in the networking service of the MIB3 infotainment allows an attacker already present in the system to escalate privileges and obtain administrative access to the system. • https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-53391
https://notcve.org/view.php?id=CVE-2025-53391
28 Jun 2025 — The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has insecure PolicyKit allow_any/allow_inactive/allow_active settings that allow a local user to escalate their privileges to root. • https://bugs.debian.org/1108288 • CWE-863: Incorrect Authorization •

CVE-2025-45737
https://notcve.org/view.php?id=CVE-2025-45737
27 Jun 2025 — ., Ltd NeacSafe64 Driver before v1.0.0.8 allows attackers to escalate privileges via sending crafted IOCTL commands to the NeacSafe64.sys component. • https://github.com/za233/NeacController • CWE-269: Improper Privilege Management •

CVE-2025-52555 – CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS
https://notcve.org/view.php?id=CVE-2025-52555
26 Jun 2025 — In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by running `chmod 777` on a directory owned by root to gain access. • https://github.com/ceph/ceph/pull/60314 • CWE-269: Improper Privilege Management •

CVE-2025-36537 – Incorrect Permission Assignment for Critical Resource in TeamViewer Remote Management
https://notcve.org/view.php?id=CVE-2025-36537
24 Jun 2025 — Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior to version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges by leveraging the MSI rollback mechanism. ... This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. ... An attacker can leverage this vulnerability to escalate privileges and ... • https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1002 • CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2025-49144 – Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path
https://notcve.org/view.php?id=CVE-2025-49144
23 Jun 2025 — In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. ... Upon running the installer, the attack executes automatically with SYSTEM privileges. • https://github.com/assad12341/notepad-v8.8.1-LPE-CVE- • CWE-272: Least Privilege Violation CWE-276: Incorrect Default Permissions CWE-427: Uncontrolled Search Path Element •

CVE-2023-47031
https://notcve.org/view.php?id=CVE-2023-47031
23 Jun 2025 — An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component. • http://ncr.com • CWE-284: Improper Access Control •