
CVE-2025-26200
https://notcve.org/view.php?id=CVE-2025-26200
24 Feb 2025 — SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component. • https://github.com/slims/slims9_bulian/issues/269 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2025-26201
https://notcve.org/view.php?id=CVE-2025-26201
24 Feb 2025 — Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows remote unauthenticated attackers to bypass authentication and escalate privileges. • http://greaterwms.com • CWE-294: Authentication Bypass by Capture-replay

CVE-2025-1265 – Elseta Vinci Protocol Analyzer OS Command Injection
https://notcve.org/view.php?id=CVE-2025-1265
20 Feb 2025 — An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an attacker to escalate privileges and perform code execution on the affected system. • https://elseta.com/support • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-25957
https://notcve.org/view.php?id=CVE-2025-25957
20 Feb 2025 — Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and before allow a remote attacker to escalate privileges via a crafted script. • https://github.com/dayrui/xunruicms/issues/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-25958
https://notcve.org/view.php?id=CVE-2025-25958
20 Feb 2025 — Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allow a remote attacker to escalate privileges via a crafted script. • https://github.com/Abel-Lan/phpcms/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-25960
https://notcve.org/view.php?id=CVE-2025-25960
20 Feb 2025 — Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator. • https://github.com/Abel-Lan/phpcms/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-28777 – IBM Cognos Controller code execution
https://notcve.org/view.php?id=CVE-2024-28777
19 Feb 2025 — This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in the application. • https://www.ibm.com/support/pages/node/7183597 • CWE-502: Deserialization of Untrusted Data

CVE-2025-26624 – Local Privilege Escalation in Rufus 4.6 and previous versions
https://notcve.org/view.php?id=CVE-2025-26624
18 Feb 2025 — Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 and earlier versions allows an attacker to load and execute a malicious DLL with escalated privileges (since the executable has been granted higher privileges at the time of launch) due to the ability to place a malicious `cfgmgr32.dll` in the same directory as the executable and have it side-load automatically. This is fixed in commit `74dfa49`, which will be part of version 4.7... • https://github.com/pbatard/rufus/commit/74dfa49707fd626b58d776d3400295740a29e23e • CWE-426: Untrusted Search Path, CWE-427: Uncontrolled Search Path Element

CVE-2025-0425 – Local Privilege Escalation via Config Manipulation
https://notcve.org/view.php?id=CVE-2025-0425
18 Feb 2025 — Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions ("nt authority\system"). By changing the server address to a malicious server, or a script simulating a server, the user is able to escalate his privileges by abusing certain features of the "bestinformed Web" server. Those features include: * Pushing of... • https://www.cordaware.com/changelog/en/version-6_3_8_1.html • CWE-15: External Control of System or Configuration Setting

CVE-2025-1390 – pam_cap: Fix potential configuration parsing error
https://notcve.org/view.php?id=CVE-2025-1390
18 Feb 2025 — Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames. • https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 • CWE-284: Improper Access Control