CVSS: 8.4EPSS: %CPEs: -EXPL: 0CVE-2025-366312
https://notcve.org/view.php?id=CVE-2025-366312
12 Jun 2025 — In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. ... In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege. - CVE-2025-366323. In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete ... •
CVSS: 8.4EPSS: %CPEs: -EXPL: 0CVE-2025-366323
https://notcve.org/view.php?id=CVE-2025-366323
12 Jun 2025 — In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. ... In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege. - CVE-2025-366323. In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete ... •
CVSS: 8.4EPSS: %CPEs: -EXPL: 0CVE-2025-366331
https://notcve.org/view.php?id=CVE-2025-366331
12 Jun 2025 — In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. ... In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege. - CVE-2025-366323. In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete ... •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49148 – ClipShare Server Allows Local Privilege Escalation via DLL Hijacking
https://notcve.org/view.php?id=CVE-2025-49148
11 Jun 2025 — A local, non-privileged user who can write to the folder containing clip_share.exe can place malicious DLLs there, leading to arbitrary code execution in the context of the server, and, if launched by an Administrator (or another elevated user), it results in a reliable local privilege escalation. • https://github.com/thevindu-w/clip_share_server/security/advisories/GHSA-rc47-h83g-2r8j • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3473 – IBM Security Guardium privilege escalation
https://notcve.org/view.php?id=CVE-2025-3473
11 Jun 2025 — IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program. • https://www.ibm.com/support/pages/node/7236356 • CWE-277: Insecure Inherited Permissions •
CVSS: 9.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1244 – Remote code execution and local privilege escalation due to UNC access and NetNTLMv2 hash theft
https://notcve.org/view.php?id=CVE-2024-1244
11 Jun 2025 — This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks. • https://pentraze.com • CWE-20: Improper Input Validation CWE-73: External Control of File Name or Path •
CVSS: 9.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1243 – Remote code execution and local privilege escalation in Wazuh Windows agent via NetNTLMv2 hash theft
https://notcve.org/view.php?id=CVE-2024-1243
11 Jun 2025 — This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks. • https://github.com/wazuh/wazuh/security/advisories/GHSA-3crh-39qv-fxj7 • CWE-20: Improper Input Validation CWE-73: External Control of File Name or Path •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-49158 – Trend Micro Apex One Security Agent ntrmv Uncontrolled Search Path Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49158
11 Jun 2025 — An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... Furthermore, privilege escalation occurs only if an administrator uninstalls the Security Agent from the affected computer. • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48443 – Trend Micro Password Manager Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-48443
11 Jun 2025 — Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. ... An att... • https://helpcenter.trendmicro.com/en-us/article/TMKA-12917 • CWE-64: Windows Shortcut Following (.LNK) •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-49156 – Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49156
11 Jun 2025 — A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-269: Improper Privilege Management •