
CVE-2025-26393 – SolarWinds Service Desk Broken Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2025-26393
17 Mar 2025 — The issue allows authenticated users to escalate privileges, leading to unauthorized data manipulation. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26393 • CWE-653: Improper Isolation or Compartmentalization •

CVE-2025-26125
https://notcve.org/view.php?id=CVE-2025-26125
17 Mar 2025 — An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate privileges. • https://github.com/ZeroMemoryEx/CVE-2025-26125 • CWE-782: Exposed IOCTL with Insufficient Access Control •

CVE-2025-25225 – Extension - hikashop.com - Privilege escalation vulnerability Hikashop component version 1.0.0 - 5.1.3 for Joomla
https://notcve.org/view.php?id=CVE-2025-25225
15 Mar 2025 — A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions. • https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-25225 • CWE-284: Improper Access Control •

CVE-2025-29775 – xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment
https://notcve.org/view.php?id=CVE-2025-29775
14 Mar 2025 — For example, it could be used to alter critical identity or access control attributes, enabling an attacker to escalate privileges or impersonate another user. • https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2025-29774 – xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
https://notcve.org/view.php?id=CVE-2025-29774
14 Mar 2025 — For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. • https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2024-57062
https://notcve.org/view.php?id=CVE-2024-57062
13 Mar 2025 — An issue in SoundCloud iOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component. • http://soundcloud.com • CWE-269: Improper Privilege Management •

CVE-2025-25598
https://notcve.org/view.php?id=CVE-2025-25598
13 Mar 2025 — Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable into a scheduled task. • https://github.com/quriusfox/vulnerability-research/tree/main/CVE-2025-25598 • CWE-284: Improper Access Control •

CVE-2025-0117 – GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
https://notcve.org/view.php?id=CVE-2025-0117
12 Mar 2025 — A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. • https://security.paloaltonetworks.com/CVE-2025-0117 • CWE-807: Reliance on Untrusted Inputs in a Security Decision •

CVE-2025-1984 – Local Privilege Escalation on Xerox® Desktop Print Experience® v8.5
https://notcve.org/view.php?id=CVE-2025-1984
12 Mar 2025 — Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access. • https://securitydocs.business.xerox.com/wp-content/uploads/2025/03/Xerox-Security-Bulletin-XRX25-004-for-Xerox-FreeFlow-Print-Server-v7.pdf • CWE-269: Improper Privilege Management • CWE-428: Unquoted Search Path or Element •

CVE-2025-25709
https://notcve.org/view.php?id=CVE-2025-25709
12 Mar 2025 — An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints. • https://github.com/z5jt/vulnerability-research/tree/main/CVE-2025-25709 •