CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21606 – Local Privilege Escalation via Exposed XPC Method Due to Client Verification Failure in stats
https://notcve.org/view.php?id=CVE-2025-21606
17 Jan 2025 — The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. • https://github.com/exelban/stats/commit/c10759f7a186efdd82ddd818dae2ac1f853691fc • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40514
https://notcve.org/view.php?id=CVE-2024-40514
16 Jan 2025 — Insecure Permissions vulnerability in themesebrand Chatvia v.5.3.2 allows a remote attacker to escalate privileges via the User profile name and image upload functions. • https://github.com/php-lover-boy/ChatVia •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-57726
https://notcve.org/view.php?id=CVE-2024-57726
15 Jan 2025 — These API keys can be used to escalate privileges to the server admin role. • https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23013
https://notcve.org/view.php?id=CVE-2025-23013
15 Jan 2025 — In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. • https://www.yubico.com/support/security-advisories/ysa-2025-01 • CWE-394: Unexpected Status Code or Return Value •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2025-21331 – Windows Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-21331
14 Jan 2025 — Windows Installer Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21331 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46480
https://notcve.org/view.php?id=CVE-2024-46480
13 Jan 2025 — An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system. • https://github.com/Lorenzo-de-Sa/Vulnerability-Research • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.5EPSS: 0%CPEs: 22EXPL: 0CVE-2025-0396 – exelban stats XPC Service shouldAcceptNewConnection command injection
https://notcve.org/view.php?id=CVE-2025-0396
12 Jan 2025 — It is possible to launch the attack on the local host. • https://winslow1984.com/books/cve-collection/page/stats-v21122-local-privilege-escalation • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53706 – SonicWALL NSv setSshdConfig Exposed Dangerous Function Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-53706
09 Jan 2025 — A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution. This vulnerability allows local attackers to escalate privileges on affected installations of SonicWALL NSv. An attacker must first obtain the ability to execute low-privileged code on the target system or send a TCP packet to a local service in order to exploit this vulnerability. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9523 – Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-9523
09 Jan 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9524 – Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-9524
09 Jan 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •