
CVE-2025-29746
https://notcve.org/view.php?id=CVE-2025-29746
07 May 2025 — Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components • https://gist.github.com/unklerunkle/73e2ab58d1a5b9129be5de55765ea4fe • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-26262
https://notcve.org/view.php?id=CVE-2025-26262
06 May 2025 — An issue in the component /internals/functions of R-fx Networks Linux Malware Detect v1.6.5 allows attackers to escalate privileges and execute arbitrary code via supplying a file that contains a crafted filename. • https://github.com/rfxn/linux-malware-detect • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-20668
https://notcve.org/view.php?id=CVE-2025-20668
05 May 2025 — This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. • https://corp.mediatek.com/product-security-bulletin/May-2025 • CWE-787: Out-of-bounds Write •

CVE-2025-20671
https://notcve.org/view.php?id=CVE-2025-20671
05 May 2025 — This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. • https://corp.mediatek.com/product-security-bulletin/May-2025 • CWE-787: Out-of-bounds Write •

CVE-2025-2774 – Webmin CRLF Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-2774
01 May 2025 — This vulnerability allows remote attackers to escalate privileges on affected installations of Webmin. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. •

CVE-2025-2759 – GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-2759
30 Apr 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. •

CVE-2025-4085
https://notcve.org/view.php?id=CVE-2025-4085
29 Apr 2025 — An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138. • https://bugzilla.mozilla.org/show_bug.cgi?id=1915280 • CWE-269: Improper Privilege Management •

CVE-2025-4082
https://notcve.org/view.php?id=CVE-2025-4082
29 Apr 2025 — Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. This bug only affects Thunderbird for macOS. • https://bugzilla.mozilla.org/show_bug.cgi?id=1937097 • CWE-125: Out-of-bounds Read •

CVE-2025-2817 – firefox: thunderbird: Privilege escalation in Firefox Updater
https://notcve.org/view.php?id=CVE-2025-2817
29 Apr 2025 — By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. • https://bugzilla.mozilla.org/show_bug.cgi?id=1917536 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-25962
https://notcve.org/view.php?id=CVE-2025-25962
29 Apr 2025 — An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function • https://github.com/CVEProject/docs/blob/gh-pages/requester/reservation-guidelines.md • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •