CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-25711
https://notcve.org/view.php?id=CVE-2025-25711
12 Mar 2025 — An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API endpoint • https://github.com/z5jt/vulnerability-research/tree/main/CVE-2025-25710 • CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27591
https://notcve.org/view.php?id=CVE-2025-27591
11 Mar 2025 — This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow. • https://github.com/facebookincubator/below/commit/da9382e6e3e332fd2c3195e22f34977f83f0f1f3 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-24070 – ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24070
11 Mar 2025 — Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. ... This flaw allows an attacker with local access and low privileges to escalate privileges. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070 • CWE-269: Improper Privilege Management CWE-1390: Weak Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22454
https://notcve.org/view.php?id=CVE-2025-22454
11 Mar 2025 — Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/March-Security-Advisory-Ivanti-Secure-Access-Client-ISAC-CVE-2025-22454 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27494
https://notcve.org/view.php?id=CVE-2025-27494
11 Mar 2025 — This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-515903.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27493
https://notcve.org/view.php?id=CVE-2025-27493
11 Mar 2025 — This could allow an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-515903.html • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27396
https://notcve.org/view.php?id=CVE-2025-27396
11 Mar 2025 — Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality. This could allow an authenticated lowly-privileged remote attacker to escalate their privileges. • https://cert-portal.siemens.com/productcert/html/ssa-075201.html • CWE-273: Improper Check for Dropped Privileges •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-26656 – Missing Authorization check in S/4HANA (Manage Purchasing Info Records)
https://notcve.org/view.php?id=CVE-2025-26656
11 Mar 2025 — OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. • https://me.sap.com/notes/3474392 • CWE-862: Missing Authorization •
CVSS: 3.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-26655 – Missing Authorization check in SAP JIT(Outbound)
https://notcve.org/view.php?id=CVE-2025-26655
11 Mar 2025 — SAP Just In Time(JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application.Confidentiality and Availability are not impacted. • https://me.sap.com/notes/3347991 • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2025-25871 – OpenPanel 0.3.4 Directory Traversal / Arbitrary File Read
https://notcve.org/view.php?id=CVE-2025-25871
07 Mar 2025 — An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function OpenPanel version 0.3.4 suffers from a directory traversal vulnerability in the fix permission functionality. • https://packetstorm.news/files/id/189621 • CWE-281: Improper Preservation of Permissions •