
CVE-2025-49148 – ClipShare Server Allows Local Privilege Escalation via DLL Hijacking
https://notcve.org/view.php?id=CVE-2025-49148
11 Jun 2025 — A local, non-privileged user who can write to the folder containing clip_share.exe can place malicious DLLs there, leading to arbitrary code execution in the context of the server. If the server is launched by an Administrator (or another elevated user), this results in a reliable local privilege escalation. • https://github.com/thevindu-w/clip_share_server/security/advisories/GHSA-rc47-h83g-2r8j • CWE-427: Uncontrolled Search Path Element •

CVE-2025-3473 – IBM Security Guardium privilege escalation
https://notcve.org/view.php?id=CVE-2025-3473
11 Jun 2025 — IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program. • https://www.ibm.com/support/pages/node/7236356 • CWE-277: Insecure Inherited Permissions •

CVE-2024-1244 – Remote code execution and local privilege escalation due to UNC access and NetNTLMv2 hash theft
https://notcve.org/view.php?id=CVE-2024-1244
11 Jun 2025 — This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks. • https://pentraze.com • CWE-20: Improper Input Validation CWE-73: External Control of File Name or Path •

CVE-2024-1243 – Remote code execution and local privilege escalation in Wazuh Windows agent via NetNTLMv2 hash theft
https://notcve.org/view.php?id=CVE-2024-1243
11 Jun 2025 — This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks. • https://github.com/wazuh/wazuh/security/advisories/GHSA-3crh-39qv-fxj7 • CWE-20: Improper Input Validation CWE-73: External Control of File Name or Path •

CVE-2025-49156 – Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49156
11 Jun 2025 — A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-269: Improper Privilege Management •

CVE-2025-49157 – Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49157
11 Jun 2025 — A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalate privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-269: Improper Privilege Management •

CVE-2025-49211 – Trend Micro Endpoint Encryption BuildEnterpriseSearchString SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49211
11 Jun 2025 — A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. ... This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Endpoint Encryption. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://success.trendmicro.com/en-US/solution/KA-0019928 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-5822 – Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-5822
11 Jun 2025 — This vulnerability allows remote attackers to escalate privileges on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://www.zerodayinitiative.com/advisories/ZDI-25-340 • CWE-863: Incorrect Authorization •

CVE-2025-49215 – Trend Micro Endpoint Encryption GetGroupFilteredUsers SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49215
11 Jun 2025 — A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. ... This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Endpoint Encryption. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://success.trendmicro.com/en-US/solution/KA-0019928 • CWE-242: Use of Inherently Dangerous Function •

CVE-2025-49158 – Trend Micro Apex One Security Agent ntrmv Uncontrolled Search Path Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-49158
11 Jun 2025 — An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/en-US/solution/KA-0019917 • CWE-427: Uncontrolled Search Path Element •