CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-3931 – Yggdrasil: local privilege escalation in yggdrasil
https://notcve.org/view.php?id=CVE-2025-3931
14 May 2025 — This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data. • https://access.redhat.com/errata/RHSA-2025:7592 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0035
https://notcve.org/view.php?id=CVE-2025-0035
13 May 2025 — Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9015.html • CWE-428: Unquoted Search Path or Element •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-36321
https://notcve.org/view.php?id=CVE-2024-36321
13 May 2025 — Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9015.html • CWE-428: Unquoted Search Path or Element •
CVSS: 6.1EPSS: 0%CPEs: 26EXPL: 0CVE-2025-29837 – Windows Installer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-29837
13 May 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user and disclose stored credentials, leading to further compromise. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29837 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 3%CPEs: 26EXPL: 0CVE-2025-32709 – Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2025-32709
13 May 2025 — Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32709 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29975 – Microsoft PC Manager Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-29975
13 May 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft PC Manager. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29975 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-32917 – Privilege escalation in jar_signature
https://notcve.org/view.php?id=CVE-2025-32917
13 May 2025 — Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to escalate privileges. • https://checkmk.com/werk/17985 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2025-43009 – Missing Authorization check in SAP Service Parts Management (SPM)
https://notcve.org/view.php?id=CVE-2025-43009
13 May 2025 — SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. • https://me.sap.com/notes/2491817 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-43007 – Missing Authorization check in SAP Service Parts Management (SPM)
https://notcve.org/view.php?id=CVE-2025-43007
13 May 2025 — SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. • https://me.sap.com/notes/2719724 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-31219 – Apple XNU kernel vm_map Race Condition Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-31219
12 May 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. macOS Ventura 13.7.6 addresses bypass, code execution, double free, information leakage, integer overflow, out of bounds read, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122404 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •