CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30407
https://notcve.org/view.php?id=CVE-2025-30407
26 Mar 2025 — Local privilege escalation due to a binary hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-8414 • CWE-426: Untrusted Search Path •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-25535
https://notcve.org/view.php?id=CVE-2025-25535
26 Mar 2025 — HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request. • https://github.com/simalamuel/Research/tree/main/CVE-2025-25535 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-2769 – Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-2769
25 Mar 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-2768 – Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-2768
25 Mar 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-2762 – CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-2762
25 Mar 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCPA devices. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-8774 – Privilege Escalation in SIMPLE.ERP
https://notcve.org/view.php?id=CVE-2024-8774
24 Mar 2025 — The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. • https://cert.pl/en/posts/2025/03/CVE-2024-8773 • CWE-257: Storing Passwords in a Recoverable Format •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24915
https://notcve.org/view.php?id=CVE-2025-24915
21 Mar 2025 — This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. • https://www.tenable.com/security/tns-2025-02 • CWE-276: Incorrect Default Permissions •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-53348
https://notcve.org/view.php?id=CVE-2024-53348
21 Mar 2025 — LoxiLB v.0.9.7 and before is vulnerable to Incorrect Access Control which allows attackers to obtain sensitive information and escalate privileges. • https://gist.github.com/HouqiyuA/8c734c849c1a9b69ac96c46eba4acbcb • CWE-284: Improper Access Control •
CVSS: 6.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-8982 – Local File Inclusion in bentoml/openllm
https://notcve.org/view.php?id=CVE-2024-8982
20 Mar 2025 — A Local File Inclusion (LFI) vulnerability in OpenLLM version 0.6.10 allows attackers to include files from the local server through the web application. ... Attackers could leverage the exposed information to further penetrate the network, exfiltrate data, or escalate privileges within the environment. • https://huntr.com/bounties/b7bdc9a1-51ac-402a-8e6e-0d977699aca6 • CWE-29: Path Traversal: '\.. •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-48590
https://notcve.org/view.php?id=CVE-2024-48590
20 Mar 2025 — This allows an attacker to escalate privileges and obtain sensitive information. • https://github.com/GCatt-AS/CVE-2024-48590 • CWE-918: Server-Side Request Forgery (SSRF) •