
CVE-2025-25452
https://notcve.org/view.php?id=CVE-2025-25452
06 Mar 2025 — An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the "/user" endpoint Un problema en TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 y anteriores permite que un atacante remoto escale privilegios a través del endpoint "/user" • https://piuswalter.de/blog/2fa-bypass-and-deactivation-attack-in-mytaag • CWE-287: Improper Authentication •

CVE-2025-27644
https://notcve.org/view.php?id=CVE-2025-27644
05 Mar 2025 — Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Local Privilege Escalation V-2024-007. • https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm • CWE-269: Improper Privilege Management •

CVE-2025-21092 – GMOD Apollo Incorrect Privilege Assignment
https://notcve.org/view.php?id=CVE-2025-21092
04 Mar 2025 — This could result in an attacker being able to escalate privileges for themselves or others. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07 • CWE-266: Incorrect Privilege Assignment •

CVE-2025-20650
https://notcve.org/view.php?id=CVE-2025-20650
03 Mar 2025 — This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/March-2025 • CWE-787: Out-of-bounds Write •

CVE-2025-20645
https://notcve.org/view.php?id=CVE-2025-20645
03 Mar 2025 — This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. • https://corp.mediatek.com/product-security-bulletin/March-2025 • CWE-787: Out-of-bounds Write •

CVE-2025-26206
https://notcve.org/view.php?id=CVE-2025-26206
03 Mar 2025 — Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component • https://github.com/xibhi/CVE-2025-26206 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-25953
https://notcve.org/view.php?id=CVE-2025-25953
03 Mar 2025 — This vulnerability allows authenticated attackers to escalate privileges and access sensitive information. • https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89640 • CWE-862: Missing Authorization •

CVE-2025-1756 – MongoDB Shell may be susceptible to local privilege escalation in Windows
https://notcve.org/view.php?id=CVE-2025-1756
27 Feb 2025 — mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. • https://jira.mongodb.org/browse/MONGOSH-2028 • CWE-426: Untrusted Search Path •

CVE-2025-1755 – MongoDB Compass may be susceptible to local privilege escalation in Windows
https://notcve.org/view.php?id=CVE-2025-1755
27 Feb 2025 — MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. • https://jira.mongodb.org/browse/COMPASS-9058 • CWE-426: Untrusted Search Path •

CVE-2024-38292
https://notcve.org/view.php?id=CVE-2024-38292
27 Feb 2025 — In XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation. • https://community.extremenetworks.com/t5/security-advisories-formerly/sa-2024-104-xiq-se-path-traversal-privilege-escalation-cve-2024/ba-p/116362 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •