CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-13975 – Commvault 11.20.0 - 11.36.0 Windows Access Nodes Compromise via Local File Server Agent Abuse
https://notcve.org/view.php?id=CVE-2024-13975
25 Jul 2025 — A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. ... A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11... • https://documentation.commvault.com/securityadvisories/CV_2024_09_1.html • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-48729
https://notcve.org/view.php?id=CVE-2024-48729
25 Jul 2025 — An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote attacker to escalate privileges via the /osm/admin/v1/users component An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote attacker to escalate... • http://open.com • CWE-269: Improper Privilege Management •
CVSS: 7.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-48730
https://notcve.org/view.php?id=CVE-2024-48730
25 Jul 2025 — An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote attacker to escalate privileges via not imposing any restrictions on the authentication attempts performed by an admin user An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote attacker to escalate... • http://open.com • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-26397 – SolarWinds Observability Self-Hosted Deserialization of Untrusted Data Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-26397
24 Jul 2025 — SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can escalate privileges to run malicious files copied to a permission-protected folder. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26397 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-6685 – ATEN eco DC Missing Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-6685
24 Jul 2025 — This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-8069 – Local Privilege Escalation Vulnerability in AWS Client VPN Windows Client
https://notcve.org/view.php?id=CVE-2025-8069
23 Jul 2025 — If an admin user starts the AWS Client VPN client installation process, that code could be executed with root-level privileges. ... This vulnerability allows local attackers to escalate privileges on affected installations of Amazon AWS Client VPN. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://aws.amazon.com/security/security-bulletins/AWS-2025-014 • CWE-276: Incorrect Default Permissions •
CVSS: 8.5EPSS: 0%CPEs: -EXPL: 3CVE-2016-15045 – Deepin lastore-daemon Privilege Escalation via Unsigned .deb Installation
https://notcve.org/view.php?id=CVE-2016-15045
23 Jul 2025 — A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). • https://www.exploit-db.com/exploits/39433 • CWE-269: Improper Privilege Management CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-54140 – pyLoad has Path Traversal Vulnerability in json/upload Endpoint that allows Arbitrary File Write
https://notcve.org/view.php?id=CVE-2025-54140
22 Jul 2025 — This may lead to: Remote Code Execution (RCE), local privilege escalation, system-wide compromise, persistence, and backdoors. • https://github.com/pyload/pyload/blob/df094db67ec6e25294a9ac0ddb4375fd7fb9ba00/src/pyload/webui/app/blueprints/json_blueprint.py#L109 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-46120
https://notcve.org/view.php?id=CVE-2025-46120
21 Jul 2025 — ., via FTP) to escalate privileges and run arbitrary template code on the controller. An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and r... • http://commscope.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38350 – net/sched: Always pass notifications when child class becomes empty
https://notcve.org/view.php?id=CVE-2025-38350
19 Jul 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Red Hat Enterprise Linux. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://git.kernel.org/stable/c/1034e3310752e8675e313f7271b348914008719a •