CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-57438
https://notcve.org/view.php?id=CVE-2024-57438
29 Jan 2025 — Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles. • https://gitee.com/y_project/RuoYi • CWE-863: Incorrect Authorization •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24826
https://notcve.org/view.php?id=CVE-2025-24826
28 Jan 2025 — Local privilege escalation due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-6436 • CWE-276: Incorrect Default Permissions •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-40677
https://notcve.org/view.php?id=CVE-2024-40677
28 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://android.googlesource.com/platform/packages/apps/Settings/+/db26138f07db830e3fb78283d37de3c0296d93cb • CWE-862: Missing Authorization •
CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 2CVE-2024-40676
https://notcve.org/view.php?id=CVE-2024-40676
28 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://github.com/Aakashmom/frameworks_base_accounts_CVE-2024-40676 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-40672
https://notcve.org/view.php?id=CVE-2024-40672
28 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://android.googlesource.com/platform/packages/modules/IntentResolver/+/ccd29124d0d2276a3071c0418c14dec188cd3727 • CWE-281: Improper Preservation of Permissions •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40669
https://notcve.org/view.php?id=CVE-2024-40669
28 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2024-10-01 • CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40651
https://notcve.org/view.php?id=CVE-2024-40651
28 Jan 2025 — This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. • https://source.android.com/security/bulletin/2024-10-01 • CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40649
https://notcve.org/view.php?id=CVE-2024-40649
28 Jan 2025 — This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. • https://source.android.com/security/bulletin/2024-10-01 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2025-23385
https://notcve.org/view.php?id=CVE-2025-23385
28 Jan 2025 — In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-114: Process Control •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2025-0065 – Improper Neutralization of Argument Delimiters in TeamViewer Clients
https://notcve.org/view.php?id=CVE-2025-0065
28 Jan 2025 — Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior version 15.62 for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection. This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary ... • https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1001 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •