
CVSS: 6.1 | EPSS: 0% | CPEs: - | EXPL: 0

20 Feb 2025 — Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator. • https://github.com/Abel-Lan/phpcms/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

19 Feb 2025 — This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in the application. • https://www.ibm.com/support/pages/node/7183597 • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

18 Feb 2025 — Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 and earlier versions allows an attacker to load and execute a malicious DLL with escalated privileges (since the executable has been granted higher privileges during the time of launch) due to the ability to inject a malicious `cfgmgr32.dll` in the same directory as the executable and have it side load automatically. This is fixed in commit `74dfa49`, which will be part of version 4.7... • https://github.com/pbatard/rufus/commit/74dfa49707fd626b58d776d3400295740a29e23e • CWE-426: Untrusted Search Path • CWE-427: Uncontrolled Search Path Element •

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

18 Feb 2025 — Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions ("nt authority\system"). By changing the server address to a malicious server, or a script simulating a server, the user is able to escalate his privileges by abusing certain features of the "bestinformed Web" server. Those features include: * Pushing of... • https://www.cordaware.com/changelog/en/version-6_3_8_1.html • CWE-15: External Control of System or Configuration Setting •

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

18 Feb 2025 — Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames. • https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 • CWE-284: Improper Access Control •

CVSS: 8.0 | EPSS: 0% | CPEs: - | EXPL: 0

18 Feb 2025 — A highly trusted role (Config Admin) could leverage a race condition to escalate privileges. • https://eviden.com • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

14 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of HP LaserJet Pro MFP 3301fdw printers. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://support.hp.com/us-en/document/ish_11953771-11953793-16/hpsbpi04007 • CWE-121: Stack-based Buffer Overflow •

CVSS: 8.8 | EPSS: 1% | CPEs: - | EXPL: 1

14 Feb 2025 — An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the server's response from status code 500 to status code 200. • https://github.com/KUK3N4N/CVE-2024-57778 • CWE-269: Improper Privilege Management •

CVSS: 9.1 | EPSS: 0% | CPEs: - | EXPL: 0

13 Feb 2025 — Exploiting this flaw could allow attackers to hijack active sessions, gain unauthorized access, and escalate privileges on affected devices. • https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-22960 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

12 Feb 2025 — This vulnerability allows remote attackers to escalate privileges on affected installations of NVIDIA Container Toolkit. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the host. • https://nvidia.custhelp.com/app/answers/detail/a_id/5616 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •