
CVE-2024-13759 – Local Privilege Escalation in Avira Prime 1.1.96.2 on Windows 10 x64
https://notcve.org/view.php?id=CVE-2024-13759
09 May 2025 — Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64 allows local attackers to gain system-level privileges via arbitrary file deletion • https://www.gendigital.com/us/en/contact-us/security-advisories/) • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2024-13944 – Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate (Also affects Avast CleanUp and AVG TuneUp)
https://notcve.org/view.php?id=CVE-2024-13944
09 May 2025 — Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via the creation of a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. • https://www.gendigital.com/us/en/contact-us/security-advisories • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVE-2025-3528 – Mirror-registry: local privilege escalation due to incorrect permissions in mirror-registry
https://notcve.org/view.php?id=CVE-2025-3528
09 May 2025 — A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod. • https://access.redhat.com/security/cve/CVE-2025-3528 • CWE-276: Incorrect Default Permissions •

CVE-2025-26168
https://notcve.org/view.php?id=CVE-2025-26168
07 May 2025 — IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that can be controlled by a low-privileged user. • https://ixon-cloud.my.salesforce.com/sfc/p/#1t000000vlSF/a/TX000000DQmH/WRGwuYg2iMsKX6NAIK3MygCUOlg0SPQ..YvGWrwfNeM • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2025-26169
https://notcve.org/view.php?id=CVE-2025-26169
07 May 2025 — IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a low-privileged user. • https://ixon-cloud.my.salesforce.com/sfc/p/#1t000000vlSF/a/TX000000DQmH/WRGwuYg2iMsKX6NAIK3MygCUOlg0SPQ..YvGWrwfNeM • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2025-29746
https://notcve.org/view.php?id=CVE-2025-29746
07 May 2025 — Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components • https://gist.github.com/unklerunkle/73e2ab58d1a5b9129be5de55765ea4fe • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-26262
https://notcve.org/view.php?id=CVE-2025-26262
06 May 2025 — An issue in the component /internals/functions of R-fx Networks Linux Malware Detect v1.6.5 allows attackers to escalate privileges and execute arbitrary code via supplying a file that contains a crafted filename. • https://github.com/rfxn/linux-malware-detect • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-2774 – Webmin CRLF Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-2774
01 May 2025 — This vulnerability allows remote attackers to escalate privileges on affected installations of Webmin. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. •

CVE-2025-2759 – GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-2759
30 Apr 2025 — GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. An attacker can leverage this vulnerability to escalate ... • https://www.zerodayinitiative.com/advisories/ZDI-25-268 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2025-4085 – openSUSE Security Advisory - openSUSE-SU-2025:15045-1
https://notcve.org/view.php?id=CVE-2025-4085
29 Apr 2025 — An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. • https://bugzilla.mozilla.org/show_bug.cgi?id=1915280 • CWE-269: Improper Privilege Management •