CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1755 – MongoDB Compass may be susceptible to local privilege escalation in Windows
https://notcve.org/view.php?id=CVE-2025-1755
27 Feb 2025 — MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. • https://jira.mongodb.org/browse/COMPASS-9058 • CWE-426: Untrusted Search Path •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-38292
https://notcve.org/view.php?id=CVE-2024-38292
27 Feb 2025 — In XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation. In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation. • https://community.extremenetworks.com/t5/security-advisories-formerly/sa-2024-104-xiq-se-path-traversal-privilege-escalation-cve-2024/ba-p/116362 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-39441
https://notcve.org/view.php?id=CVE-2024-39441
26 Feb 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1894203086612791298 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0889 – Privilege Management for Windows – Elevation of Privilege
https://notcve.org/view.php?id=CVE-2025-0889
26 Feb 2025 — Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process. • https://www.beyondtrust.com/trust-center/security-advisories/bt25-01 • CWE-268: Privilege Chaining •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1295 – Templines Elementor Helper Core <= 2.7 - Authenticated (Subscriber+) Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-1295
26 Feb 2025 — The Templines Elementor Helper Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.7. • http://localhost:1337/wp-content/plugins/templines-helper-core/youzify/youzify.php#L3082 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27148 – Gradle vulnerable to local privilege escalation through system temporary directory
https://notcve.org/view.php?id=CVE-2025-27148
25 Feb 2025 — This library initialization could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. Gradle builds that rely on versions of net.rubygrapefruit:native-platform prior to 0.22-milestone-28 could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. • https://en.wikipedia.org/wiki/Fstab#Options_common_to_all_filesystems • CWE-378: Creation of Temporary File With Insecure Permissions CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-26601 – Xorg: xwayland: use-after-free in syncinittrigger()
https://notcve.org/view.php?id=CVE-2025-26601
25 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged. • https://access.redhat.com/security/cve/CVE-2025-26601 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-26600 – Xorg: xwayland: use-after-free in playreleasedevents()
https://notcve.org/view.php?id=CVE-2025-26600
25 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged. • https://access.redhat.com/security/cve/CVE-2025-26600 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-26599 – Xorg: xwayland: use of uninitialized pointer in compredirectwindow()
https://notcve.org/view.php?id=CVE-2025-26599
25 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged. • https://access.redhat.com/security/cve/CVE-2025-26599 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-26598 – Xorg: xwayland: out-of-bounds write in createpointerbarrierclient()
https://notcve.org/view.php?id=CVE-2025-26598
25 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2025-26598 • CWE-787: Out-of-bounds Write •