CVSS: 6.2 | EPSS: 0% | CPEs: - | EXPL: 0

20 Mar 2025 — A Local File Inclusion (LFI) vulnerability in OpenLLM version 0.6.10 allows attackers to include files from the local server through the web application. ... Attackers could leverage the exposed information to further penetrate the network, exfiltrate data, or escalate privileges within the environment. • https://huntr.com/bounties/b7bdc9a1-51ac-402a-8e6e-0d977699aca6 • CWE-29: Path Traversal: '\..

CVSS: 9.8 | EPSS: 0% | CPEs: - | EXPL: 1

20 Mar 2025 — This allows an attacker to escalate privileges and obtain sensitive information. • https://github.com/GCatt-AS/CVE-2024-48590 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 5.4 | EPSS: 0% | CPEs: - | EXPL: 0

17 Mar 2025 — The issue allows authenticated users to escalate privileges, leading to unauthorized data manipulation. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26393 • CWE-653: Improper Isolation or Compartmentalization

CVSS: 7.3 | EPSS: 0% | CPEs: - | EXPL: 1

17 Mar 2025 — An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate privileges. • https://github.com/ZeroMemoryEx/CVE-2025-26125 • CWE-782: Exposed IOCTL with Insufficient Access Control

CVSS: 9.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

14 Mar 2025 — For example, it could be used to alter critical identity or access control attributes, enabling an attacker to escalate privileges or impersonate another user. • https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed • CWE-347: Improper Verification of Cryptographic Signature

CVSS: 9.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

14 Mar 2025 — For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. • https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed • CWE-347: Improper Verification of Cryptographic Signature

CVSS: 7.8 | EPSS: 0% | CPEs: - | EXPL: 0

13 Mar 2025 — An issue in SoundCloud iOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component. • http://soundcloud.com • CWE-269: Improper Privilege Management

CVSS: 8.8 | EPSS: 0% | CPEs: - | EXPL: 0

13 Mar 2025 — Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable into a scheduled task. • https://github.com/quriusfox/vulnerability-research/tree/main/CVE-2025-25598 • CWE-284: Improper Access Control

CVSS: 7.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

12 Mar 2025 — A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. GlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected. • https://security.paloaltonetworks.com/CVE-2025-0117 • CWE-807: Reliance on Untrusted Inputs in a Security Decision

CVSS: 5.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

12 Mar 2025 — Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access. • https://securitydocs.business.xerox.com/wp-content/uploads/2025/03/Xerox-Security-Bulletin-XRX25-004-for-Xerox-FreeFlow-Print-Server-v7.pdf • CWE-269: Improper Privilege Management • CWE-428: Unquoted Search Path or Element