CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2025-61161
https://notcve.org/view.php?id=CVE-2025-61161
29 Oct 2025 — This allows local unprivileged attackers to execute arbitrary code or escalate privileges to SYSTEM by placing a crafted DLL in that location. • https://www.evope.tech • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-61429
https://notcve.org/view.php?id=CVE-2025-61429
29 Oct 2025 — An issue in NCR Atleos Terminal Manager (ConfigApp) v3.4.0 allows attackers to escalate privileges via a crafted request. • https://medium.com/@sulaimanalabduli/title-817c6346ac65 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2025-62230 – Xorg: xwayland: use-after-free in xkb client resource removal
https://notcve.org/view.php?id=CVE-2025-62230
29 Oct 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged. • https://access.redhat.com/security/cve/CVE-2025-62230 • CWE-416: Use After Free •
CVSS: 9.0EPSS: 0%CPEs: 25EXPL: 0CVE-2025-62231 – Xorg: xmayland: value overflow in xkbsetcompatmap()
https://notcve.org/view.php?id=CVE-2025-62231
29 Oct 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged. • https://access.redhat.com/security/cve/CVE-2025-62231 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2025-62229 – Xorg: xmayland: use-after-free in xpresentnotify structure creation
https://notcve.org/view.php?id=CVE-2025-62229
29 Oct 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged. • https://access.redhat.com/security/cve/CVE-2025-62229 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-12425 – Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-12425
28 Oct 2025 — Local Privilege Escalation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . • https://azure-access.com/security-advisories • CWE-269: Improper Privilege Management •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-34294 – Wazuh File Integrity Monitoring (FIM) & Active Response Arbitrary File Deletion as SYSTEM
https://notcve.org/view.php?id=CVE-2025-34294
28 Oct 2025 — Wazuh's File Integrity Monitoring (FIM), when configured with automatic threat removal, contains a time-of-check/time-of-use (TOCTOU) race condition that can allow a local, low-privileged attacker to cause the Wazuh service (running as NT AUTHORITY\SYSTEM) to delete attacker-controlled files or paths. ... This can result in SYSTEM-level arbitrary file or folder deletion and consequent local privilege escalation. ... La monitorización de integridad de archivos (FIM) de Wazuh, cuan... • https://documentation.wazuh.com/current/user-manual/capabilities/active-response/index.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 1CVE-2025-61156 – ThreatFire System Monitor 4.7.0.53 Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-61156
28 Oct 2025 — Incorrect access control in the kernel driver of ThreatFire System Monitor v4.7.0.53 allows attackers to escalate privileges and execute arbitrary commands via an insecure IOCTL. ... This can result in both local EDR Bypass and Denial of Service. • https://packetstorm.news/files/id/210976 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-9164 – Multiple DLL Search Order Hijacking Vulnerabilities in Docker Desktop Installer for Windows
https://notcve.org/view.php?id=CVE-2025-9164
27 Oct 2025 — The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.This issue affects Docker Desktop: through 4.48.0. • https://docs.docker.com/desktop/release-notes • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48982 – Veeam Agent for Microsoft Windows Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-48982
27 Oct 2025 — This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file. This vulnerability allows local attackers to escalate privileges on affected installations of Veeam Agent for Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.veeam.com/kb4771 •