CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24805 – Local Privilege Escalation in MobSF
https://notcve.org/view.php?id=CVE-2025-24805
05 Feb 2025 — A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepted. • https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/05206e72cae35b311615a70e51e1a946955c5e83 • CWE-269: Improper Privilege Management •
CVSS: 3.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20185 – Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-20185
05 Feb 2025 — A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-multi-yKUJhS34 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-11468
https://notcve.org/view.php?id=CVE-2024-11468
04 Feb 2025 — Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. • https://static.omnissa.com/sites/default/files/OMSA-2024-0002.pdf • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-11467
https://notcve.org/view.php?id=CVE-2024-11467
04 Feb 2025 — Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a logic flaw. ... Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a logic flaw. • https://static.omnissa.com/sites/default/files/OMSA-2024-0002.pdf • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-23015 – Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions
https://notcve.org/view.php?id=CVE-2025-23015
04 Feb 2025 — Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. • https://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s • CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0413 – Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-0413
04 Feb 2025 — Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitr... • https://kb.parallels.com/130212 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35177 – Improper Access Control in wazuh-agent
https://notcve.org/view.php?id=CVE-2024-35177
03 Feb 2025 — The wazuh-agent for Windows is vulnerable to a Local Privilege Escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by placing one of the many DLL that are loaded and not present on the system in the installation folder of the agent OR by replacing the service executable binary itself with a malicious one. ... Many DLLs are loaded from the installation folder and by creating a m... • https://github.com/wazuh/wazuh/security/advisories/GHSA-pmr2-2r83-h3cv • CWE-284: Improper Access Control •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20642
https://notcve.org/view.php?id=CVE-2025-20642
03 Feb 2025 — This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/February-2025 • CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20641
https://notcve.org/view.php?id=CVE-2025-20641
03 Feb 2025 — This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/February-2025 • CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20639
https://notcve.org/view.php?id=CVE-2025-20639
03 Feb 2025 — This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/February-2025 • CWE-787: Out-of-bounds Write •