CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27494
https://notcve.org/view.php?id=CVE-2025-27494
11 Mar 2025 — This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-515903.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27493
https://notcve.org/view.php?id=CVE-2025-27493
11 Mar 2025 — This could allow an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-515903.html • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27396
https://notcve.org/view.php?id=CVE-2025-27396
11 Mar 2025 — Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality. This could allow an authenticated lowly-privileged remote attacker to escalate their privileges. • https://cert-portal.siemens.com/productcert/html/ssa-075201.html • CWE-273: Improper Check for Dropped Privileges •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-26656 – Missing Authorization check in S/4HANA (Manage Purchasing Info Records)
https://notcve.org/view.php?id=CVE-2025-26656
11 Mar 2025 — OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. • https://me.sap.com/notes/3474392 • CWE-862: Missing Authorization •
CVSS: 3.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-26655 – Missing Authorization check in SAP JIT(Outbound)
https://notcve.org/view.php?id=CVE-2025-26655
11 Mar 2025 — SAP Just In Time(JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application.Confidentiality and Availability are not impacted. • https://me.sap.com/notes/3347991 • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2025-25871 – OpenPanel 0.3.4 Directory Traversal / Arbitrary File Read
https://notcve.org/view.php?id=CVE-2025-25871
07 Mar 2025 — An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function OpenPanel version 0.3.4 suffers from a directory traversal vulnerability in the fix permission functionality. • https://packetstorm.news/files/id/189621 • CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-25451
https://notcve.org/view.php?id=CVE-2025-25451
06 Mar 2025 — An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a physically proximate attacker to escalate privileges via the "2fa_authorized" Local Storage key Un problema en TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 y anteriores permite que un atacante físicamente próximo escale privilegios a través de la clave de almacenamiento local "2fa_authorized" • https://piuswalter.de/blog/2fa-bypass-and-deactivation-attack-in-mytaag • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-25452
https://notcve.org/view.php?id=CVE-2025-25452
06 Mar 2025 — An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the "/user" endpoint Un problema en TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 y anteriores permite que un atacante remoto escale privilegios a través del endpoint "/user" • https://piuswalter.de/blog/2fa-bypass-and-deactivation-attack-in-mytaag • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-25450
https://notcve.org/view.php?id=CVE-2025-25450
06 Mar 2025 — An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the deactivation of the activated second factor to the /session endpoint Un problema en TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 y anteriores permite que un atacante remoto escale privilegios a través de la desactivación del segundo factor activado al punto final /session • https://piuswalter.de/blog/2fa-bypass-and-deactivation-attack-in-mytaag • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 1CVE-2025-25873 – OpenAdmin 0.3.4 Cross Site Request Forgery
https://notcve.org/view.php?id=CVE-2025-25873
06 Mar 2025 — Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker to escalate privileges via the Change Root Password function Cross site request forgery in the Users and Change Root Password functions in OpenAdmin version 0.3.4 allows remote attackers to perform attacks enabling unauthorized actions that could lead to privilege escalation. • https://packetstorm.news/files/id/189597 • CWE-352: Cross-Site Request Forgery (CSRF) •