
CVE-2025-24828
https://notcve.org/view.php?id=CVE-2025-24828
31 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-7842 • CWE-426: Untrusted Search Path •

CVE-2025-24827
https://notcve.org/view.php?id=CVE-2025-24827
31 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-7841 • CWE-426: Untrusted Search Path •

CVE-2025-24829
https://notcve.org/view.php?id=CVE-2025-24829
31 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-7839 • CWE-426: Untrusted Search Path •

CVE-2025-24830
https://notcve.org/view.php?id=CVE-2025-24830
31 Jan 2025 — Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-7829 • CWE-426: Untrusted Search Path •

CVE-2025-24831
https://notcve.org/view.php?id=CVE-2025-24831
31 Jan 2025 — Local privilege escalation due to unquoted search path vulnerability. • https://security-advisory.acronis.com/advisories/SEC-6153 • CWE-428: Unquoted Search Path or Element •

CVE-2025-0834 – Wondershare Dr.Fone Privilege Scalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-0834
30 Jan 2025 — This vulnerability could allow an attacker to escalate privileges by replacing the binary ‘C:\ProgramData\Wondershare\wsServices\ElevationService.exe’ with a malicious binary. • https://www.incibe.es/en/incibe-cert/notices/aviso/wondershare-drfone-privilege-scalation-vulnerability • CWE-269: Improper Privilege Management •

CVE-2025-24794 – The Snowflake Connector for Python uses insecure deserialization of the OCSP response cache
https://notcve.org/view.php?id=CVE-2025-24794
29 Jan 2025 — The OCSP response cache uses pickle as the serialization format, potentially leading to local privilege escalation. • https://github.com/snowflakedb/snowflake-connector-python/commit/3769b43822357c3874c40f5e74068458c2dc79af • CWE-502: Deserialization of Untrusted Data •

CVE-2025-24789 – Snowflake JDBC allows an untrusted search path on Windows
https://notcve.org/view.php?id=CVE-2025-24789
29 Jan 2025 — When the EXTERNALBROWSER authentication method is used on Windows, an attacker with write access to a directory in the %PATH% can escalate their privileges to the user that runs the vulnerable JDBC Driver version. • https://github.com/snowflakedb/snowflake-jdbc/commit/4f01bb8f9b708c71e7a2111c87371dbfc1d53dd6 • CWE-426: Untrusted Search Path •

CVE-2021-3978 – Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki
https://notcve.org/view.php?id=CVE-2021-3978
29 Jan 2025 — Since the provided service definition defaults to root ( https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service ) this could allow for a vector, when combined with another vulnerability that causes octorpki to process a malicious TAL file, for a local privilege escalation. • https://github.com/cloudflare/cfrpki/security/advisories/GHSA-3pqh-p72c-fj85 • CWE-269: Improper Privilege Management •

CVE-2024-57395
https://notcve.org/view.php?id=CVE-2024-57395
29 Jan 2025 — Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters. • http://www.hzzcka.com • CWE-522: Insufficiently Protected Credentials •