
CVE-2024-41197
https://notcve.org/view.php?id=CVE-2024-41197
22 May 2025 — An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. • https://drive.google.com/file/d/1XgbcJqYIHxAROcCACdgdD8V_97Hcwdze/view?usp=drive_link • CWE-287: Improper Authentication •

CVE-2024-41198
https://notcve.org/view.php?id=CVE-2024-41198
22 May 2025 — An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. • https://drive.google.com/file/d/1k7P36ygRjQE6XfcT-FJgsN2yrtQy2yhH/view?usp=drive_link • CWE-287: Improper Authentication •

CVE-2024-41199
https://notcve.org/view.php?id=CVE-2024-41199
22 May 2025 — An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. • https://drive.google.com/file/d/1dVvH9l0gKRK0OPcF6_8yTLPsARKFqWqB/view?usp=drive_link • CWE-269: Improper Privilege Management • CWE-287: Improper Authentication •

CVE-2025-44040
https://notcve.org/view.php?id=CVE-2025-44040
21 May 2025 — An issue in OrangeHRM v.5.7 allows an attacker to escalate privileges via the UserService.php and the checkFOrOldHash function. • https://github.com/hexomedin3/advisories/tree/main/CVE-2025-44040 • CWE-269: Improper Privilege Management •

CVE-2025-27997
https://notcve.org/view.php?id=CVE-2025-27997
21 May 2025 — An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory. • https://gist.github.com/sornram9254/4593dd5eb2bcca50d68dc6ac70e40b24 • CWE-427: Uncontrolled Search Path Element •

CVE-2025-27998
https://notcve.org/view.php?id=CVE-2025-27998
21 May 2025 — An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL. • https://gist.github.com/sornram9254/e8d10efcf246cc50ff3d4f837b261616 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-3931 – Yggdrasil: local privilege escalation in yggdrasil
https://notcve.org/view.php?id=CVE-2025-3931
14 May 2025 — This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data. • https://access.redhat.com/errata/RHSA-2025:7592 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •

CVE-2025-0035
https://notcve.org/view.php?id=CVE-2025-0035
13 May 2025 — Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9015.html • CWE-428: Unquoted Search Path or Element •

CVE-2024-36321
https://notcve.org/view.php?id=CVE-2024-36321
13 May 2025 — Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9015.html • CWE-428: Unquoted Search Path or Element •

CVE-2025-29837 – Windows Installer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-29837
13 May 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user and disclose stored credentials, leading to further compromise. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29837 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •