
CVE-2025-32463 – Sudo chroot 1.9.17 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-32463
30 Jun 2025 — Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. ... This flaw allows a local attacker to escalate their privileges by tricking Sudo into loading an arbitrary shared library using the user-specified root directory via the `-R` (`--chroot`) option. ... In environments where per-host rules are configured in the sudoers file, a local attacker could use this issue to bypass the host re... • https://github.com/AdityaBhatt3010/Sudo-Privilege-Escalation-Linux-CVE-2025-32463-and-CVE-2025-32462 • CWE-427: Uncontrolled Search Path Element CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVE-2025-32462 – Sudo 1.9.17 Host Option - Elevation of Privilege
https://notcve.org/view.php?id=CVE-2025-32462
30 Jun 2025 — A privilege escalation vulnerability was found in Sudo. ... Depending on the rules present in the sudoers file the flaw might allow a local privilege escalation attack. • https://github.com/AdityaBhatt3010/Sudo-Privilege-Escalation-Linux-CVE-2025-32463-and-CVE-2025-32462 • CWE-863: Incorrect Authorization •

CVE-2025-24290
https://notcve.org/view.php?id=CVE-2025-24290
29 Jun 2025 — Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges. • https://community.ui.com/releases/Security-Advisory-Bulletin-048-048/af007d99-bb6d-4368-a12f-75e84de19e8d • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-28906 – Command injection in networking service
https://notcve.org/view.php?id=CVE-2023-28906
28 Jun 2025 — A command injection in the networking service of the MIB3 infotainment allows an attacker already present in the system to escalate privileges and obtain administrative access to the system. • https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-45737
https://notcve.org/view.php?id=CVE-2025-45737
27 Jun 2025 — ., Ltd NeacSafe64 Driver before v1.0.0.8 allows attackers to escalate privileges via sending crafted IOCTL commands to the NeacSafe64.sys component. • https://github.com/za233/NeacController • CWE-269: Improper Privilege Management •

CVE-2025-37101 – HPE OneView for VMware vCenter (OV4VC), Local Elevation of Privilege
https://notcve.org/view.php?id=CVE-2025-37101
26 Jun 2025 — This vulnerability could be exploited allowing an attacker with read only privilege to cause Vertical Privilege Escalation (operator can perform admin actions). • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04876en_us&docLocale=en_US • CWE-269: Improper Privilege Management •

CVE-2025-36537 – Incorrect Permission Assignment for Critical Resource in TeamViewer Remote Management
https://notcve.org/view.php?id=CVE-2025-36537
24 Jun 2025 — Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior to Version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via leveraging the MSI rollback mechanism. ... This vulnerability allows local attackers to escalate privileges on affected installations of TeamViewer. ... An attacker can leverage this vulnerability to escalate privi... • https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1002 • CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2025-49144 – Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path
https://notcve.org/view.php?id=CVE-2025-49144
23 Jun 2025 — In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. • https://github.com/assad12341/notepad-v8.8.1-LPE-CVE- • CWE-272: Least Privilege Violation CWE-276: Incorrect Default Permissions CWE-427: Uncontrolled Search Path Element •

CVE-2023-47031
https://notcve.org/view.php?id=CVE-2023-47031
23 Jun 2025 — An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component. • http://ncr.com • CWE-284: Improper Access Control •

CVE-2025-24287 – Veeam Agent for Microsoft Windows Incorrect Default Permissions Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-24287
18 Jun 2025 — A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions. This vulnerability allows local attackers to escalate privileges on affected installations of Veeam Agent for Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.veeam.com/kb4743 • CWE-94: Improper Control of Generation of Code ('Code Injection') •