
CVE-2025-27462
https://notcve.org/view.php?id=CVE-2025-27462
29 May 2025 — A local unprivileged user on the guest OS can escalate privileges within the operating system. •

CVE-2025-27463
https://notcve.org/view.php?id=CVE-2025-27463
29 May 2025 — A local unprivileged user on the guest OS can escalate privileges within the operating system. •

CVE-2025-27464
https://notcve.org/view.php?id=CVE-2025-27464
29 May 2025 — A local unprivileged user on the guest OS can escalate privileges within the operating system. •

CVE-2024-51392
https://notcve.org/view.php?id=CVE-2024-51392
29 May 2025 — An issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker to escalate privileges via the url parameter of the getPDF.php component • https://github.com/OpenKnowledgeMaps/Headstart • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •

CVE-2025-32801 – Loading a malicious hook library can lead to local privilege escalation
https://notcve.org/view.php?id=CVE-2025-32801
28 May 2025 — Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. • https://kb.isc.org/docs/cve-2025-32801 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-25251
https://notcve.org/view.php?id=CVE-2025-25251
28 May 2025 — An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages. • https://fortiguard.fortinet.com/psirt/FG-IR-25-016 • CWE-863: Incorrect Authorization •

CVE-2025-24917 – Improper Access Control leads to Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-24917
23 May 2025 — In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, potentially leading to local privilege escalation. • https://www.tenable.com/security/tns-2025-10 • CWE-284: Improper Access Control •

CVE-2025-24916 – Improper Access Control leads to Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-24916
23 May 2025 — This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. • https://www.tenable.com/security/tns-2025-10 • CWE-284: Improper Access Control •

CVE-2025-4692 – ABUP IoT Cloud Platform Incorrect Privilege Assignment
https://notcve.org/view.php?id=CVE-2025-4692
22 May 2025 — If the exploit is successful, the user can escalate privileges to access any device managed by the ABUP Cloud Update Platform. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-01 • CWE-266: Incorrect Privilege Assignment •

CVE-2024-40458
https://notcve.org/view.php?id=CVE-2024-40458
22 May 2025 — An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets. • https://drive.google.com/file/d/1E8dxLt2LnvmLcCEUyp6qtnG-yZjyvMji/view?usp=drive_link • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •