
CVE-2025-49156 – Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49156
11 Jun 2025 — A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-269: Improper Privilege Management •

CVE-2025-49157 – Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49157
11 Jun 2025 — A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-269: Improper Privilege Management •

CVE-2025-49211 – Trend Micro Endpoint Encryption BuildEnterpriseSearchString SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49211
11 Jun 2025 — A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. ... This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Endpoint Encryption. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://success.trendmicro.com/en-US/solution/KA-0019928 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-49215 – Trend Micro Endpoint Encryption GetGroupFilteredUsers SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49215
11 Jun 2025 — A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. ... This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Endpoint Encryption. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://success.trendmicro.com/en-US/solution/KA-0019928 • CWE-242: Use of Inherently Dangerous Function •

CVE-2025-49218 – Trend Micro Endpoint Encryption ProcessWhereClause SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49218
11 Jun 2025 — A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. ... This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Endpoint Encryption. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://success.trendmicro.com/en-US/solution/KA-0019928 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-5822 – Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-5822
11 Jun 2025 — This vulnerability allows remote attackers to escalate privileges on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. This vulnerability allows remote attackers to escalate privileges on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. An attacker can leverage this vulnerability ... • https://www.zerodayinitiative.com/advisories/ZDI-25-340 • CWE-863: Incorrect Authorization •

CVE-2025-5834 – Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-5834
11 Jun 2025 — Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. • https://www.zerodayinitiative.com/advisories/ZDI-25-351 • CWE-1326: Missing Immutable Root of Trust in Hardware •

CVE-2024-9062 – macOS Archify: Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-9062
10 Jun 2025 — The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. ... As a result, any local process can establish a connection to the helper and invoke privileged functionality, leading to unauthorized execution of actions with root-level privileges. • https://pentraze.com • CWE-306: Missing Authentication for Critical Function •

CVE-2025-32714 – Windows Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-32714
10 Jun 2025 — Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32714 • CWE-284: Improper Access Control •

CVE-2025-33075 – Windows Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-33075
10 Jun 2025 — Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33075 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •