CVSS: 7.8 • EPSS: % • CPEs: - • EXPL: 0

25 Mar 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCPA devices. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process.

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

24 Mar 2025 — The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. • https://cert.pl/en/posts/2025/03/CVE-2024-8773 • CWE-257: Storing Passwords in a Recoverable Format

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Mar 2025 — This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. • https://www.tenable.com/security/tns-2025-02 • CWE-276: Incorrect Default Permissions

CVSS: 9.1 • EPSS: 0% • CPEs: - • EXPL: 0

21 Mar 2025 — LoxiLB v.0.9.7 and before is vulnerable to Incorrect Access Control which allows attackers to obtain sensitive information and escalate privileges. • https://gist.github.com/HouqiyuA/8c734c849c1a9b69ac96c46eba4acbcb • CWE-284: Improper Access Control

CVSS: 6.2 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — Attackers could leverage the exposed information to further penetrate the network, exfiltrate data, or escalate privileges within the environment. • https://huntr.com/bounties/b7bdc9a1-51ac-402a-8e6e-0d977699aca6 • CWE-29: Path Traversal: '\..\filename'

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 1

20 Mar 2025 — This allows an attacker to escalate privileges and obtain sensitive information. • https://github.com/GCatt-AS/CVE-2024-48590 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 5.4 • EPSS: 0% • CPEs: - • EXPL: 0

17 Mar 2025 — The issue allows authenticated users to escalate privileges, leading to unauthorized data manipulation. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26393 • CWE-653: Improper Isolation or Compartmentalization

CVSS: 7.3 • EPSS: 0% • CPEs: - • EXPL: 1

17 Mar 2025 — An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate privileges. • https://github.com/ZeroMemoryEx/CVE-2025-26125 • CWE-782: Exposed IOCTL with Insufficient Access Control

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

15 Mar 2025 — A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions. • https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-25225 • CWE-284: Improper Access Control

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

14 Mar 2025 — For example, it could be used to alter critical identity or access control attributes, enabling an attacker to escalate privileges or impersonate another user. • https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed • CWE-347: Improper Verification of Cryptographic Signature