CVSS: 8.5EPSS: 0%CPEs: -EXPL: 3CVE-2016-15045 – Deepin lastore-daemon Privilege Escalation via Unsigned .deb Installation
https://notcve.org/view.php?id=CVE-2016-15045
23 Jul 2025 — A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/local/lastore_daemon_dbus_priv_esc.rb • CWE-269: Improper Privilege Management CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-54140 – pyLoad has Path Traversal Vulnerability in json/upload Endpoint that allows Arbitrary File Write
https://notcve.org/view.php?id=CVE-2025-54140
22 Jul 2025 — In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. ... This may lead to: Remote Code Execution (RCE), local privilege escalation, system-wide compromise, persistence, and backdoors. • https://github.com/pyload/pyload/blob/df094db67ec6e25294a9ac0ddb4375fd7fb9ba00/src/pyload/webui/app/blueprints/json_blueprint.py#L109 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-46120
https://notcve.org/view.php?id=CVE-2025-46120
21 Jul 2025 — An issue was discovered in CommScope Ruckus Unleashed prior to 200.14.6.1.203 and in Ruckus ZoneDirector, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller. An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and ... • http://commscope.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38350 – net/sched: Always pass notifications when child class becomes empty
https://notcve.org/view.php?id=CVE-2025-38350
19 Jul 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Red Hat Enterprise Linux. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://git.kernel.org/stable/c/1034e3310752e8675e313f7271b348914008719a •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-52166
https://notcve.org/view.php?id=CVE-2025-52166
18 Jul 2025 — Incorrect access control in Software GmbH Agorum core open v11.9.2 & v11.10.1 allows authenticated attackers to escalate privileges to Administrator and access sensitive components and information. • http://agorum.com • CWE-284: Improper Access Control •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1729
https://notcve.org/view.php?id=CVE-2025-1729
17 Jul 2025 — A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges. • https://support.lenovo.com/us/en/product_security/LEN-189489 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1700
https://notcve.org/view.php?id=CVE-2025-1700
17 Jul 2025 — A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges during installation of the software. • https://en-us.support.motorola.com/app/answers/detail/a_id/186730/~/motorola-software-fix-installer-vulnerability • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.5EPSS: 0%CPEs: 33EXPL: 0CVE-2025-0886
https://notcve.org/view.php?id=CVE-2025-0886
17 Jul 2025 — An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges. • https://support.lenovo.com/us/en/product_security/LEN-182738 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7433
https://notcve.org/view.php?id=CVE-2025-7433
17 Jul 2025 — A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250717-cix-lpe • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2025-23266 – NVIDIA Container Toolkit Environment Variable Handling Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-23266
17 Jul 2025 — A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. This vulnerability allows local attackers to escalate privileges on affected installations of NVIDIA Container Toolkit. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the host system. • https://github.com/jpts/cve-2025-23266-poc • CWE-426: Untrusted Search Path •