CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9382
https://notcve.org/view.php?id=CVE-2018-9382
17 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2018-06-01 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-9375
https://notcve.org/view.php?id=CVE-2018-9375
17 Jan 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://github.com/IOActive/AOSP-ExploitUserDictionary •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21606 – Local Privilege Escalation via Exposed XPC Method Due to Client Verification Failure in stats
https://notcve.org/view.php?id=CVE-2025-21606
17 Jan 2025 — The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. • https://github.com/exelban/stats/commit/c10759f7a186efdd82ddd818dae2ac1f853691fc • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40514
https://notcve.org/view.php?id=CVE-2024-40514
16 Jan 2025 — Insecure Permissions vulnerability in themesebrand Chatvia v.5.3.2 allows a remote attacker to escalate privileges via the User profile name and image upload functions. • https://github.com/php-lover-boy/ChatVia • CWE-276: Incorrect Default Permissions •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22394
https://notcve.org/view.php?id=CVE-2025-22394
15 Jan 2025 — A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and possibly privilege escalation. • https://www.dell.com/support/kbdoc/en-us/000267927/dsa-2025-033 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 9.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-57726
https://notcve.org/view.php?id=CVE-2024-57726
15 Jan 2025 — These API keys can be used to escalate privileges to the server admin role. • https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23013 – Gentoo Linux Security Advisory 202501-04
https://notcve.org/view.php?id=CVE-2025-23013
15 Jan 2025 — In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. • https://www.yubico.com/support/security-advisories/ysa-2025-01 • CWE-394: Unexpected Status Code or Return Value •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21127 – Photoshop Desktop | Uncontrolled Search Path Element (CWE-427)
https://notcve.org/view.php?id=CVE-2025-21127
14 Jan 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Photoshop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. • https://helpx.adobe.com/security/products/photoshop/apsb25-02.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2025-21331 – Windows Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-21331
14 Jan 2025 — Windows Installer Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21331 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13164 – Ivanti Endpoint Manager AlertService Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-13164
14 Jan 2025 — An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. This vulnerability allows local attackers to disclose sensitive information on affected installations of Ivanti Endpoint Manager. • https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6 • CWE-908: Use of Uninitialized Resource •