CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29036
https://notcve.org/view.php?id=CVE-2025-29036
01 Apr 2025 — An issue in hackathon-starter v.8.1.0 allows a remote attacker to escalate privileges via the user.js component. • https://github.com/HypeDuke/vulnerable-research/blob/main/CVE-2025-29036 • CWE-266: Incorrect Privilege Assignment •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24256 – Apple macOS AppleIntelKBLGraphics Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-24256
31 Mar 2025 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122373 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-22937
https://notcve.org/view.php?id=CVE-2025-22937
31 Mar 2025 — An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalate privileges via unspecified vectors. • https://drive.google.com/file/d/1levaZk5aC6g6a2zPW8xlOIVAu9MFYvAz/view • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-22939
https://notcve.org/view.php?id=CVE-2025-22939
31 Mar 2025 — A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. • https://drive.google.com/file/d/1levaZk5aC6g6a2zPW8xlOIVAu9MFYvAz/view • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-22941
https://notcve.org/view.php?id=CVE-2025-22941
31 Mar 2025 — A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. • https://drive.google.com/file/d/1levaZk5aC6g6a2zPW8xlOIVAu9MFYvAz/view • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2782 – WatchGuard Terminal Services Agent Local Privilege Escalation via Non-Standard Installation Directory
https://notcve.org/view.php?id=CVE-2025-2782
28 Mar 2025 — The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Terminal Services Agent: from 12.0 through 12.10. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00005 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2781 – WatchGuard Mobile VPN with SSL Local Privilege Escalation via Non-Standard Installation Directory
https://notcve.org/view.php?id=CVE-2025-2781
28 Mar 2025 — The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Mobile VPN with SSL Client: from 11.0 through 12.11. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00004 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2713 – Improper File Permission Handling in Google gVisor runsc
https://notcve.org/view.php?id=CVE-2025-2713
28 Mar 2025 — Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. • https://github.com/google/gvisor/commit/586c38d70081b13b2ed494cef48e99b93956843e • CWE-269: Improper Privilege Management •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30232 – Debian Security Advisory 5887-1
https://notcve.org/view.php?id=CVE-2025-30232
27 Mar 2025 — A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. • https://www.exim.org/static/doc/security/CVE-2025-30232.txt • CWE-416: Use After Free •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30407
https://notcve.org/view.php?id=CVE-2025-30407
26 Mar 2025 — Local privilege escalation due to a binary hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-8414 • CWE-426: Untrusted Search Path •