CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24827
https://notcve.org/view.php?id=CVE-2025-24827
31 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-7841 • CWE-426: Untrusted Search Path •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24829
https://notcve.org/view.php?id=CVE-2025-24829
31 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-7839 • CWE-426: Untrusted Search Path •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24830
https://notcve.org/view.php?id=CVE-2025-24830
31 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-7829 • CWE-426: Untrusted Search Path •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24831
https://notcve.org/view.php?id=CVE-2025-24831
31 Jan 2025 — Local privilege escalation due to unquoted search path vulnerability. • https://security-advisory.acronis.com/advisories/SEC-6153 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57948 – mac802154: check local interfaces before deleting sdata list
https://notcve.org/view.php?id=CVE-2024-57948
31 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list syzkaller reported a corrupted list in ieee802154_if_remove. [1] Remove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4 hardware device from the system. ... To avoid this issue, add a check for local->interfaces before deleting sdata list. To avoid this issue, add a check for local->interfaces before deleting sdata list. • https://git.kernel.org/stable/c/0d11dc30edfc4acef0acef130bb5ca596317190a •
CVSS: 4.6EPSS: 0%CPEs: -EXPL: 0CVE-2025-0145 – Zoom Workplace Apps for Windows - Untrusted Search Path
https://notcve.org/view.php?id=CVE-2025-0145
30 Jan 2025 — Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access. • https://www.zoom.com/en/trust/security-bulletin/zsb-25004 • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0834 – Wondershare Dr.Fone Privilege Scalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-0834
30 Jan 2025 — Privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. This vulnerability could allow an attacker to escalate privileges by replacing the binary ‘C:\ProgramData\Wondershare\wsServices\ElevationService.exe’ with a malicious binary. • https://www.incibe.es/en/incibe-cert/notices/aviso/wondershare-drfone-privilege-scalation-vulnerability • CWE-269: Improper Privilege Management •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24794 – The Snowflake Connector for Python uses insecure deserialization of the OCSP response cache
https://notcve.org/view.php?id=CVE-2025-24794
29 Jan 2025 — The OCSP response cache uses pickle as the serialization format, potentially leading to local privilege escalation. • https://github.com/snowflakedb/snowflake-connector-python/commit/3769b43822357c3874c40f5e74068458c2dc79af • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3978 – Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki
https://notcve.org/view.php?id=CVE-2021-3978
29 Jan 2025 — Since the provided service definition defaults to root ( https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service ) this could allow for a vector, when combined with another vulnerability that causes octorpki to process a malicious TAL file, for a local privilege escalation. • https://github.com/cloudflare/cfrpki/security/advisories/GHSA-3pqh-p72c-fj85 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-57395
https://notcve.org/view.php?id=CVE-2024-57395
29 Jan 2025 — Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters. • http://www.hzzcka.com • CWE-522: Insufficiently Protected Credentials •