
CVE-2024-57438
https://notcve.org/view.php?id=CVE-2024-57438
29 Jan 2025 — Insecure permissions in RuoYi v4.8.0 allow authenticated attackers to escalate privileges by assigning themselves higher-level roles. • https://gitee.com/y_project/RuoYi • CWE-863: Incorrect Authorization •

CVE-2025-24826
https://notcve.org/view.php?id=CVE-2025-24826
28 Jan 2025 — Local privilege escalation due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-6436 • CWE-276: Incorrect Default Permissions •

CVE-2025-23385
https://notcve.org/view.php?id=CVE-2025-23385
28 Jan 2025 — In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-114: Process Control •

CVE-2025-0065 – Improper Neutralization of Argument Delimiters in TeamViewer Clients
https://notcve.org/view.php?id=CVE-2025-0065
28 Jan 2025 — Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior to version 15.62 for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection. This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context o... • https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1001 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVE-2024-55968
https://notcve.org/view.php?id=CVE-2024-55968
28 Jan 2025 — This lack of proper logic validation allows malicious actors to exploit the service's methods via unauthorized client connections, and escalate privileges to root by abusing the DTConnectionHelperProtocol protocol's submitQuery method over an unauthorized XPC connection. • https://github.com/Wi1DN00B/CVE-2024-55968 • CWE-798: Use of Hard-coded Credentials •

CVE-2024-57052
https://notcve.org/view.php?id=CVE-2024-57052
27 Jan 2025 — An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file. • https://gist.github.com/yahaha9/720fb45bbebda62dc198568c8d275df8 • CWE-384: Session Fixation •

CVE-2024-57276
https://notcve.org/view.php?id=CVE-2024-57276
27 Jan 2025 — The service runs with NT AUTHORITY\SYSTEM privileges, enabling attackers to escalate privileges by replacing or placing a malicious executable in the service path. • https://github.com/yamerooo123/CVE/blob/main/CVE-2024-57276/Description.md • CWE-428: Unquoted Search Path or Element •

CVE-2025-0543 – G DATA Security Client Local privilege escalation
https://notcve.org/view.php?id=CVE-2025-0543
25 Jan 2025 — Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM. • https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0543 • CWE-276: Incorrect Default Permissions •

CVE-2025-0542 – G DATA Management Server Local privilege escalation
https://notcve.org/view.php?id=CVE-2025-0542
25 Jan 2025 — Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write. • https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0542 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-276: Incorrect Default Permissions •

CVE-2025-22611 – Coolify vulnerable to Privilege Escalation resulting in Remote Command Execution (RCE)
https://notcve.org/view.php?id=CVE-2025-22611
24 Jan 2025 — Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate their own or any other team member's privileges to any role, including the owner role. • https://github.com/coollabsio/coolify/security/advisories/GHSA-9w72-9qww-qj6g • CWE-862: Missing Authorization •