
CVE-2025-22606 – Coolify Command Injection Vulnerability in Project Name
https://notcve.org/view.php?id=CVE-2025-22606
24 Jan 2025 — This vulnerability allows attackers to execute arbitrary commands on the host server, which could result in full system compromise; create, modify, or delete sensitive system files; and escalate privileges depending on the permissions of the executed process. • https://github.com/coollabsio/coolify/security/advisories/GHSA-ccp8-v65g-m526 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-55957
https://notcve.org/view.php?id=CVE-2024-55957
22 Jan 2025 — In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access control permissions on Windows systems. • https://assets.thermofisher.com/TFS-Assets/CORP/Product-Guides/Thermo_Scientific_Xcalibur_and_Foundation.pdf • CWE-863: Incorrect Authorization •

CVE-2023-37777
https://notcve.org/view.php?id=CVE-2023-37777
22 Jan 2025 — Successful exploitation could lead to unauthorized access to database records with DB administrator privileges, which can be leveraged to escalate privileges further and execute arbitrary OS commands. • https://infosecwriteups.com/how-i-discovered-a-critical-vulnerability-in-an-internet-service-providers-software-56c6cc00f338 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-51448 – IBM Robotic Process Automation privilege escalation
https://notcve.org/view.php?id=CVE-2024-51448
18 Jan 2025 — IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. • https://www.ibm.com/support/pages/node/7177586 • CWE-277: Insecure Inherited Permissions •

CVE-2025-21606 – Local Privilege Escalation via Exposed XPC Method Due to Client Verification Failure in stats
https://notcve.org/view.php?id=CVE-2025-21606
17 Jan 2025 — The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. ... The associated binary, eu.exelban.Stats.SMC.Helper, is a privileged helper tool designed to execute actions requiring elevated privileges on behalf of the client, such as setting fan modes, adjusting fan speeds, and executing the `powermetrics` command. ... An attacker can exploit this vulnerability to modify the hardware settings of the user’s device and execut... • https://github.com/exelban/stats/commit/c10759f7a186efdd82ddd818dae2ac1f853691fc • CWE-345: Insufficient Verification of Data Authenticity •

CVE-2024-40514
https://notcve.org/view.php?id=CVE-2024-40514
16 Jan 2025 — Insecure Permissions vulnerability in themesebrand Chatvia v.5.3.2 allows a remote attacker to escalate privileges via the User profile name and image upload functions. • https://github.com/php-lover-boy/ChatVia • CWE-276: Incorrect Default Permissions •

CVE-2024-57726
https://notcve.org/view.php?id=CVE-2024-57726
15 Jan 2025 — SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privilege technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role. • https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier • CWE-862: Missing Authorization •

CVE-2024-48122
https://notcve.org/view.php?id=CVE-2024-48122
15 Jan 2025 — Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I allow authenticated attackers with low-level privileges to escalate to root-level privileges. • https://kth.diva-portal.org/smash/get/diva2:1876534/FULLTEXT01.pdf • CWE-1188: Initialization of a Resource with an Insecure Default •

CVE-2025-23013 – Gentoo Linux Security Advisory 202501-04
https://notcve.org/view.php?id=CVE-2025-23013
15 Jan 2025 — In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. • https://www.yubico.com/support/security-advisories/ysa-2025-01 • CWE-394: Unexpected Status Code or Return Value •

CVE-2025-21127 – Photoshop Desktop | Uncontrolled Search Path Element (CWE-427)
https://notcve.org/view.php?id=CVE-2025-21127
14 Jan 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Photoshop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. • https://helpx.adobe.com/security/products/photoshop/apsb25-02.html • CWE-427: Uncontrolled Search Path Element •