CVSS: 9.4EPSS: 0%CPEs: -EXPL: 3CVE-2012-10040 – Openfiler v2.x NetworkCard Command Execution
https://notcve.org/view.php?id=CVE-2012-10040
11 Aug 2025 — Due to misconfigured sudoers, the openfiler user can escalate privileges to root via sudo /bin/bash without a password. • http://web.archive.org/web/20210922060411/https://itsecuritysolutions.org/2012-09-06-Openfiler-v2.x-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 2CVE-2012-10041 – WAN Emulator v2.3 Command Execution
https://notcve.org/view.php?id=CVE-2012-10041
08 Aug 2025 — An attacker can exploit both flaws in sequence to achieve full remote code execution and escalate privileges to root. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/wanem_exec.rb • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2012-10043 – ActFax 4.32 Client Importer Buffer Overflow
https://notcve.org/view.php?id=CVE-2012-10043
08 Aug 2025 — A stack-based buffer overflow vulnerability exists in ActFax Server version 4.32, specifically in the "Import Users from File" functionality of the client interface. The application fails to properly validate the length of tab-delimited fields in .exp files, leading to unsafe usage of strcpy() during CSV parsing. An attacker can exploit this vulnerability by crafting a malicious .exp file and importing it using the default character set "ECMA-94 / Latin 1 (ISO 8859)". Successful exploitation may result in a... • https://web.archive.org/web/20130712072809/http://www.pwnag3.com/2012/08/actfax-local-privilege-escalation.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-3770 – SMM IDT Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-3770
07 Aug 2025 — EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. ... EDK2 contiene una vulnerabilidad en la BIOS que permite a un atacante provocar un fallo del mecanismo de protección mediante acceso local. • https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr • CWE-693: Protection Mechanism Failure •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7768 – Use of Hard-coded Credentials in Tigo Energy Cloud Connect Advanced
https://notcve.org/view.php?id=CVE-2025-7768
06 Aug 2025 — This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar energy production, and interfering with safety mechanisms. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-217-02 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7771 – Code Execution / Escalation of Privileges in ThrottleStop
https://notcve.org/view.php?id=CVE-2025-7771
06 Aug 2025 — The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ... The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. • https://github.com/klsecservices/Advisories/blob/master/K-TechPowerUp-2025-001.md • CWE-782: Exposed IOCTL with Insufficient Access Control •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-50234
https://notcve.org/view.php?id=CVE-2025-50234
06 Aug 2025 — An attacker can craft a malicious encrypted pic parameter, which, when decrypted, points to internal addresses or local file paths (such as http://127.0.0.1 or file://). By using the file:// protocol, the attacker can access arbitrary files on the local file system (e.g., file:///etc/passwd, file:///C:/Windows/System32/drivers/etc/hosts), allowing them to read sensitive configuration files, log files, and more, leading to information leakage or system exposure. The danger of this SSRF vulnerab... • https://github.com/xiaoyangsec/mccms/blob/main/MCCMS-SSRF.md • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-8612 – AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-8612
06 Aug 2025 — AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. ... An attacker can leverage this vulnerability to escalate privileges and execute ... • https://www.zerodayinitiative.com/advisories/ZDI-25-806 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-41698 – Draeger: ICMHelper is vulnerable to a privilege escalation due too missing authorization
https://notcve.org/view.php?id=CVE-2025-41698
05 Aug 2025 — A low privileged local attacker can interact with the affected service although user-interaction should not be allowed. Un atacante local con pocos privilegios puede interactuar con el servicio afectado, aunque no se debe permitir la interacción del usuario. • https://certvde.com/en/advisories/VDE-2025-028 • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-54802 – pyLoad CNL Blueprint is vulnerable to Path Traversal through `dlc_path` leading to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2025-54802
05 Aug 2025 — In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution (RCE). ... This can be abused to overwrite critical system files, including cron jobs and systemd services, leading to privilege escalation and remote code execution as root. ... En las versiones 0.5.0b3.dev89 y anteriores, existe la posibilidad de path traversal en el CNL Blueprint de ... • https://github.com/pyload/pyload/commit/70a44fe02c03bce92337b5d370d2a45caa4de3d4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •