CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-24070 – ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24070
11 Mar 2025 — This flaw allows an attacker with local access and low privileges to escalate privileges. The issue might lead to unauthorized access or manipulation of authentication sessions. ... Issues addressed include a privilege escalation vulnerability. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070 • CWE-269: Improper Privilege Management CWE-1390: Weak Authentication •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9157 – Privilege Escalation Vulnerability in CxUIUSvc service
https://notcve.org/view.php?id=CVE-2024-9157
11 Mar 2025 — A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record’s reference information. ** UNSUPPORTED WHEN ASSIGNED ... • https://www.synaptics.com/sites/default/files/2025-03/audio-driver-security-brief-2025-03-11.pdf • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22454
https://notcve.org/view.php?id=CVE-2025-22454
11 Mar 2025 — Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/March-Security-Advisory-Ivanti-Secure-Access-Client-ISAC-CVE-2025-22454 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27494
https://notcve.org/view.php?id=CVE-2025-27494
11 Mar 2025 — This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-515903.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27493
https://notcve.org/view.php?id=CVE-2025-27493
11 Mar 2025 — This could allow an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-515903.html • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-26656 – Missing Authorization check in S/4HANA (Manage Purchasing Info Records)
https://notcve.org/view.php?id=CVE-2025-26656
11 Mar 2025 — OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on integrity of the application. • https://me.sap.com/notes/3474392 • CWE-862: Missing Authorization •
CVSS: 3.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-26655 – Missing Authorization check in SAP JIT(Outbound)
https://notcve.org/view.php?id=CVE-2025-26655
11 Mar 2025 — SAP Just In Time(JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application.Confidentiality and Availability are not impacted. • https://me.sap.com/notes/3347991 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56192
https://notcve.org/view.php?id=CVE-2024-56192
10 Mar 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel-watch/2025/2025-03-01 • CWE-281: Improper Preservation of Permissions •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56191
https://notcve.org/view.php?id=CVE-2024-56191
10 Mar 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel-watch/2025/2025-03-01 • CWE-281: Improper Preservation of Permissions •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-27255
https://notcve.org/view.php?id=CVE-2025-27255
10 Mar 2025 — Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code. • https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76 • CWE-798: Use of Hard-coded Credentials •