CVSS: 8.8EPSS: 1%CPEs: -EXPL: 1CVE-2024-57778
https://notcve.org/view.php?id=CVE-2024-57778
14 Feb 2025 — An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the servers response from status code 500 to status code 200. • https://github.com/KUK3N4N/CVE-2024-57778 • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-26511 – Cassandra-Lucene-Index allows bypass of Cassandra RBAC
https://notcve.org/view.php?id=CVE-2025-26511
13 Feb 2025 — Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited could allow authenticated Cassandra users to remotely bypass RBAC and escalate their privileges. • https://github.com/instaclustr/cassandra-lucene-index/security/advisories/GHSA-mrqp-q7vx-v2cx • CWE-863: Incorrect Authorization •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2025-22960
https://notcve.org/view.php?id=CVE-2025-22960
13 Feb 2025 — Exploiting this flaw could allow attackers to hijack active sessions, gain unauthorized access, and escalate privileges on affected devices. • https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-22960 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23359 – NVIDIA Container Toolkit mount_files Time-Of-Check Time-Of-Use Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-23359
12 Feb 2025 — A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. This vulnerability allows remote attackers to escalate privileges on affected installations of NVIDIA Container Toolkit. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the host. • https://nvidia.custhelp.com/app/answers/detail/a_id/5616 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-51440
https://notcve.org/view.php?id=CVE-2024-51440
12 Feb 2025 — An issue in Nothing Tech Nothing OS v.2.6 allows a local attacker to escalate privileges via the NtBpfService component. • https://sharedobject.blog/posts/nothing-bpf • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-57602
https://notcve.org/view.php?id=CVE-2024-57602
12 Feb 2025 — An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file. • https://hkohi.ca/vulnerability/12 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-57603
https://notcve.org/view.php?id=CVE-2024-57603
12 Feb 2025 — An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting. • https://github.com/mayswind/ezbookkeeping/issues/33 • CWE-799: Improper Control of Interaction Frequency •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-57604
https://notcve.org/view.php?id=CVE-2024-57604
12 Feb 2025 — An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component. • https://github.com/mayswind/ezbookkeeping/issues/33 • CWE-276: Incorrect Default Permissions •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-57605
https://notcve.org/view.php?id=CVE-2024-57605
12 Feb 2025 — Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components. • https://hkohi.ca/vulnerability/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-21373 – Windows Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-21373
11 Feb 2025 — Windows Installer Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21373 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •