
CVSS: 7.8 • EPSS: % • CPEs: - • EXPL: 0

25 Mar 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCPA devices. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process.

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

24 Mar 2025 — The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. • https://cert.pl/en/posts/2025/03/CVE-2024-8773 • CWE-257: Storing Passwords in a Recoverable Format

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Mar 2025 — This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. • https://www.tenable.com/security/tns-2025-02 • CWE-276: Incorrect Default Permissions

CVSS: 9.1 • EPSS: 0% • CPEs: - • EXPL: 0

21 Mar 2025 — LoxiLB v.0.9.7 and before is vulnerable to Incorrect Access Control which allows attackers to obtain sensitive information and escalate privileges. • https://gist.github.com/HouqiyuA/8c734c849c1a9b69ac96c46eba4acbcb • CWE-284: Improper Access Control

CVSS: 6.2 • EPSS: 0% • CPEs: - • EXPL: 0

20 Mar 2025 — A Local File Inclusion (LFI) vulnerability in OpenLLM version 0.6.10 allows attackers to include files from the local server through the web application. ... Attackers could leverage the exposed information to further penetrate the network, exfiltrate data, or escalate privileges within the environment. • https://huntr.com/bounties/b7bdc9a1-51ac-402a-8e6e-0d977699aca6 • CWE-29: Path Traversal: '\..

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 1

20 Mar 2025 — This allows an attacker to escalate privileges and obtain sensitive information. • https://github.com/GCatt-AS/CVE-2024-48590 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 5.4 • EPSS: 0% • CPEs: - • EXPL: 0

17 Mar 2025 — The issue allows authenticated users to escalate privileges, leading to unauthorized data manipulation. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26393 • CWE-653: Improper Isolation or Compartmentalization

CVSS: 7.3 • EPSS: 0% • CPEs: - • EXPL: 1

17 Mar 2025 — An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate privileges. • https://github.com/ZeroMemoryEx/CVE-2025-26125 • CWE-782: Exposed IOCTL with Insufficient Access Control

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

14 Mar 2025 — For example, it could be used to alter critical identity or access control attributes, enabling an attacker to escalate privileges or impersonate another user. • https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed • CWE-347: Improper Verification of Cryptographic Signature

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

14 Mar 2025 — For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. • https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed • CWE-347: Improper Verification of Cryptographic Signature