
CVE-2025-29746
https://notcve.org/view.php?id=CVE-2025-29746
07 May 2025 — Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components • https://gist.github.com/unklerunkle/73e2ab58d1a5b9129be5de55765ea4fe • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-26262
https://notcve.org/view.php?id=CVE-2025-26262
06 May 2025 — An issue in the component /internals/functions of R-fx Networks Linux Malware Detect v1.6.5 allows attackers to escalate privileges and execute arbitrary code via supplying a file that contains a crafted filename. • https://github.com/rfxn/linux-malware-detect • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-2774 – Webmin CRLF Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-2774
01 May 2025 — This vulnerability allows remote attackers to escalate privileges on affected installations of Webmin. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. •

CVE-2025-2759 – GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-2759
30 Apr 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. • https://www.zerodayinitiative.com/advisories/ZDI-25-268 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2025-4085 – openSUSE Security Advisory - openSUSE-SU-2025:15045-1
https://notcve.org/view.php?id=CVE-2025-4085
29 Apr 2025 — An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. • https://bugzilla.mozilla.org/show_bug.cgi?id=1915280 • CWE-269: Improper Privilege Management •

CVE-2025-4082 – openSUSE Security Advisory - openSUSE-SU-2025:15042-1
https://notcve.org/view.php?id=CVE-2025-4082
29 Apr 2025 — Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. • https://bugzilla.mozilla.org/show_bug.cgi?id=1937097 • CWE-125: Out-of-bounds Read •

CVE-2025-25962
https://notcve.org/view.php?id=CVE-2025-25962
29 Apr 2025 — An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function • https://github.com/CVEProject/docs/blob/gh-pages/requester/reservation-guidelines.md • CWE-269: Improper Privilege Management • CWE-284: Improper Access Control •

CVE-2025-3224 – Elevation of Privilege in Docker Desktop for Windows during Upgrade due to Insecure Directory Deletion
https://notcve.org/view.php?id=CVE-2025-3224
28 Apr 2025 — A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. • https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks • CWE-59: Improper Link Resolution Before File Access ('Link Following') • CWE-269: Improper Privilege Management •

CVE-2025-34489 – GFI MailEssentials Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-34489
28 Apr 2025 — GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. • https://frycos.github.io/vulns4free/2025/04/28/mailessentials.html • CWE-502: Deserialization of Untrusted Data •

CVE-2025-30408
https://notcve.org/view.php?id=CVE-2025-30408
24 Apr 2025 — Local privilege escalation due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-8035 • CWE-732: Incorrect Permission Assignment for Critical Resource •