CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40586
https://notcve.org/view.php?id=CVE-2024-40586
11 Feb 2025 — An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiSSLVPNd service pipe. An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiSSLVPNd service pipe. • https://fortiguard.fortinet.com/psirt/FG-IR-23-279 • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-40591
https://notcve.org/view.php?id=CVE-2024-40591
11 Feb 2025 — An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the targetted FortiGate to a malicious upstream FortiGate they control. • https://fortiguard.fortinet.com/psirt/FG-IR-24-302 • CWE-266: Incorrect Privilege Assignment •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53977
https://notcve.org/view.php?id=CVE-2024-53977
11 Feb 2025 — This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch the script from a user-writable directory. • https://cert-portal.siemens.com/productcert/html/ssa-637914.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-54916
https://notcve.org/view.php?id=CVE-2024-54916
11 Feb 2025 — An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate attacker to bypass authentication and escalate privileges by manipulating the return value of the checkPasscode method. • https://github.com/SAHALLL/CVE-2024-54916 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21692 – net: sched: fix ets qdisc OOB Indexing
https://notcve.org/view.php?id=CVE-2025-21692
10 Feb 2025 — The overflow may cause local privilege escalation. The overflow may cause local privilege escalation. • https://git.kernel.org/stable/c/dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33 •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-55215
https://notcve.org/view.php?id=CVE-2024-55215
07 Feb 2025 — An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register. • https://github.com/ainrm/Jrohy-trojan-unauth-poc • CWE-269: Improper Privilege Management CWE-276: Incorrect Default Permissions •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-57429
https://notcve.org/view.php?id=CVE-2024-57429
06 Feb 2025 — A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an unauthorized request. • https://github.com/ahrixia/CVE-2024-57429 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24805 – Local Privilege Escalation in MobSF
https://notcve.org/view.php?id=CVE-2025-24805
05 Feb 2025 — A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepted. • https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/05206e72cae35b311615a70e51e1a946955c5e83 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-11468
https://notcve.org/view.php?id=CVE-2024-11468
04 Feb 2025 — Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed. • https://static.omnissa.com/sites/default/files/OMSA-2024-0002.pdf • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-11467
https://notcve.org/view.php?id=CVE-2024-11467
04 Feb 2025 — Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a logic flaw. Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a logic flaw. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed. Successful exploitation of this ... • https://static.omnissa.com/sites/default/files/OMSA-2024-0002.pdf • CWE-269: Improper Privilege Management •