
CVE-2025-7784 – Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled)
https://notcve.org/view.php?id=CVE-2025-7784
18 Jul 2025 — An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. • https://access.redhat.com/security/cve/CVE-2025-7784 • CWE-269: Improper Privilege Management •

CVE-2025-52166
https://notcve.org/view.php?id=CVE-2025-52166
18 Jul 2025 — Incorrect access control in Software GmbH Agorum core open v11.9.2 & v11.10.1 allows authenticated attackers to escalate privileges to Administrator and access sensitive components and information. • http://agorum.com • CWE-284: Improper Access Control •

CVE-2025-1729
https://notcve.org/view.php?id=CVE-2025-1729
17 Jul 2025 — A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges. • https://support.lenovo.com/us/en/product_security/LEN-189489 • CWE-427: Uncontrolled Search Path Element •

CVE-2025-1700
https://notcve.org/view.php?id=CVE-2025-1700
17 Jul 2025 — A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges during installation of the software. • https://en-us.support.motorola.com/app/answers/detail/a_id/186730/~/motorola-software-fix-installer-vulnerability • CWE-427: Uncontrolled Search Path Element •

CVE-2025-0886
https://notcve.org/view.php?id=CVE-2025-0886
17 Jul 2025 — An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges. • https://support.lenovo.com/us/en/product_security/LEN-182738 • CWE-276: Incorrect Default Permissions •

CVE-2025-7433
https://notcve.org/view.php?id=CVE-2025-7433
17 Jul 2025 — A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250717-cix-lpe • CWE-502: Deserialization of Untrusted Data •

CVE-2025-23266 – NVIDIA Container Toolkit Environment Variable Handling Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-23266
17 Jul 2025 — A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. This vulnerability allows local attackers to escalate privileges on affected installations of NVIDIA Container Toolkit. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the host system. • https://github.com/jpts/cve-2025-23266-poc • CWE-426: Untrusted Search Path •

CVE-2024-13972
https://notcve.org/view.php?id=CVE-2024-13972
17 Jul 2025 — A vulnerability related to registry permissions in the Intercept X for Windows updater prior to version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250717-cix-lpe • CWE-276: Incorrect Default Permissions •

CVE-2025-7472
https://notcve.org/view.php?id=CVE-2025-7472
17 Jul 2025 — A local privilege escalation vulnerability in the Intercept X for Windows installer prior version 1.22 can lead to a local user gaining system level privileges, if the installer is run as SYSTEM. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250717-cix-lpe • CWE-427: Uncontrolled Search Path Element •

CVE-2025-34112 – Riverbed SteelCentral NetProfiler / NetExpress 10.8.7 RCE
https://notcve.org/view.php?id=CVE-2025-34112
15 Jul 2025 — The attacker may escalate privileges to root by exploiting an insecure sudoers configuration that allows the 'mazu' user to execute arbitrary commands as root via SSH key extraction and command chaining. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/riverbed_netprofiler_netexpress_exec.rb • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-266: Incorrect Privilege Assignment CWE-306: Missing Authentication for Critical Function •