
CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

22 Jul 2025 — This may lead to: Remote Code Execution (RCE), local privilege escalation, system-wide compromise, persistence, and backdoors. • https://github.com/pyload/pyload/blob/df094db67ec6e25294a9ac0ddb4375fd7fb9ba00/src/pyload/webui/app/blueprints/json_blueprint.py#L109 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8 | EPSS: 0% | CPEs: - | EXPL: 0

21 Jul 2025 — An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller. • http://commscope.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.8 | EPSS: 0% | CPEs: 9 | EXPL: 0

19 Jul 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Red Hat Enterprise Linux. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://git.kernel.org/stable/c/1034e3310752e8675e313f7271b348914008719a •

CVSS: 7.7 | EPSS: 0% | CPEs: 5 | EXPL: 0

18 Jul 2025 — An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. • https://access.redhat.com/security/cve/CVE-2025-7784 • CWE-269: Improper Privilege Management •

CVSS: 6.5 | EPSS: 0% | CPEs: - | EXPL: 0

18 Jul 2025 — Incorrect access control in Software GmbH Agorum core open v11.9.2 & v11.10.1 allows authenticated attackers to escalate privileges to Administrator and access sensitive components and information. • http://agorum.com • CWE-284: Improper Access Control •

CVSS: 6.7 | EPSS: 0% | CPEs: 1 | EXPL: 0

17 Jul 2025 — A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges. • https://support.lenovo.com/us/en/product_security/LEN-189489 • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

17 Jul 2025 — A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges during installation of the software. • https://en-us.support.motorola.com/app/answers/detail/a_id/186730/~/motorola-software-fix-installer-vulnerability • CWE-427: Uncontrolled Search Path Element •

CVSS: 8.5 | EPSS: 0% | CPEs: 33 | EXPL: 0

17 Jul 2025 — An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges. • https://support.lenovo.com/us/en/product_security/LEN-182738 • CWE-276: Incorrect Default Permissions •

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

17 Jul 2025 — A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250717-cix-lpe • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

17 Jul 2025 — A vulnerability related to registry permissions in the Intercept X for Windows updater prior to Core Agent version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250717-cix-lpe • CWE-276: Incorrect Default Permissions •