
CVSS: 6.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Mar 2025 — Local privilege escalation due to a binary hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-8414 • CWE-426: Untrusted Search Path •

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

26 Mar 2025 — HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request. • https://github.com/simalamuel/Research/tree/main/CVE-2025-25535 • CWE-276: Incorrect Default Permissions •

CVSS: 8.5 • EPSS: 0% • CPEs: - • EXPL: 0

25 Mar 2025 — An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL <4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands. • https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Mar 2025 — Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in ... • https://www.zerodayinitiative.com/advisories/ZDI-25-183 • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Mar 2025 — Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in ... • https://www.zerodayinitiative.com/advisories/ZDI-25-182 • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

25 Mar 2025 — CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCPA devices. ... An attacker can leverage this vulnerability to escalate privileges and exe... • https://www.zerodayinitiative.com/advisories/ZDI-25-176 • CWE-1326: Missing Immutable Root of Trust in Hardware •

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

24 Mar 2025 — The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. • https://cert.pl/en/posts/2025/03/CVE-2024-8773 • CWE-257: Storing Passwords in a Recoverable Format •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Mar 2025 — This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. • https://www.tenable.com/security/tns-2025-02 • CWE-276: Incorrect Default Permissions •

CVSS: 9.1 • EPSS: 0% • CPEs: - • EXPL: 0

21 Mar 2025 — LoxiLB v.0.9.7 and before is vulnerable to Incorrect Access Control which allows attackers to obtain sensitive information and escalate privileges. • https://gist.github.com/HouqiyuA/8c734c849c1a9b69ac96c46eba4acbcb • CWE-284: Improper Access Control •

CVSS: 8.3 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. This can result in privilege escalation from manager to admin. • https://github.com/mintplex-labs/anything-llm/commit/47a5c7126c20e2277ee56e2c7ee11990886a40a7 • CWE-29: Path Traversal: '\.. •