CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41196
https://notcve.org/view.php?id=CVE-2024-41196
22 May 2025 — An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. • https://cwe.mitre.org/data/definitions/285.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41197
https://notcve.org/view.php?id=CVE-2024-41197
22 May 2025 — An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. • https://drive.google.com/file/d/1XgbcJqYIHxAROcCACdgdD8V_97Hcwdze/view?usp=drive_link • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41198
https://notcve.org/view.php?id=CVE-2024-41198
22 May 2025 — An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. • https://drive.google.com/file/d/1k7P36ygRjQE6XfcT-FJgsN2yrtQy2yhH/view?usp=drive_link • CWE-287: Improper Authentication •
CVSS: 8.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-41199
https://notcve.org/view.php?id=CVE-2024-41199
22 May 2025 — An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. • https://drive.google.com/file/d/1dVvH9l0gKRK0OPcF6_8yTLPsARKFqWqB/view?usp=drive_link • CWE-269: Improper Privilege Management CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-45468
https://notcve.org/view.php?id=CVE-2025-45468
22 May 2025 — Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account. • https://gist.github.com/zolaer9527/fda954ea6ab9a34b3d3de35e7131e3e1 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-45471
https://notcve.org/view.php?id=CVE-2025-45471
22 May 2025 — Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account. • https://gist.github.com/zolaer9527/549d5f466359829a3f1aaafebe7ecc3f • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-45472
https://notcve.org/view.php?id=CVE-2025-45472
22 May 2025 — Insecure permissions in autodeploy-layer v1.2.0 allows attackers to escalate privileges and compromise the customer cloud account. • https://gist.github.com/zolaer9527/9a703e9dc575bf1889b275caf7121578 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2025-27997
https://notcve.org/view.php?id=CVE-2025-27997
21 May 2025 — An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory. • https://gist.github.com/sornram9254/4593dd5eb2bcca50d68dc6ac70e40b24 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2025-27998
https://notcve.org/view.php?id=CVE-2025-27998
21 May 2025 — An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL. • https://gist.github.com/sornram9254/e8d10efcf246cc50ff3d4f837b261616 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-44040
https://notcve.org/view.php?id=CVE-2025-44040
21 May 2025 — An issue in OrangeHRM v.5.7 allows an attacker to escalate privileges via the UserService.php and the checkFOrOldHash function Un problema en OrangeHRM v.5.7 permite a un atacante escalar privilegios a través de UserService.php y la función checkFOrOldHash • https://github.com/hexomedin3/advisories/tree/main/CVE-2025-44040 • CWE-269: Improper Privilege Management •