CVSS: 8.0 • EPSS: 0% • CPEs: - • EXPL: 0

18 Feb 2025 — A highly trusted role (Config Admin) could leverage a race condition to escalate privileges. • https://support.bull.com/ols/product/security/psirt/security-bulletins/potential-privilege-escalation-in-idpki-psirt-1335-tlp-clear-version-2-10-cve-2024-39327-cve-2024-39328-cve-2024-51505/view • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Feb 2025 — Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. This vulnerability allows local attackers to escalate privileges on affected installations of HP LaserJet Pro MFP 3301fdw printers. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root... • https://support.hp.com/us-en/document/ish_11953771-11953793-16/hpsbpi04007 • CWE-121: Stack-based Buffer Overflow •

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 1

14 Feb 2025 — An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the server's response from status code 500 to status code 200. • https://github.com/KUK3N4N/CVE-2024-57778 • CWE-269: Improper Privilege Management •

CVSS: 9.1 • EPSS: 0% • CPEs: - • EXPL: 0

13 Feb 2025 — Exploiting this flaw could allow attackers to hijack active sessions, gain unauthorized access, and escalate privileges on affected devices. • https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-22960 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 Feb 2025 — A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. This vulnerability allows remote attackers to escalate privileges on affected installations of NVIDIA Container Toolkit. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the host. • https://nvidia.custhelp.com/app/answers/detail/a_id/5616 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

12 Feb 2025 — An issue in Nothing Tech Nothing OS v.2.6 allows a local attacker to escalate privileges via the NtBpfService component. • https://sharedobject.blog/posts/nothing-bpf • CWE-276: Incorrect Default Permissions •

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

12 Feb 2025 — An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file. • https://hkohi.ca/vulnerability/12 • CWE-269: Improper Privilege Management •

CVSS: 6.5 • EPSS: 0% • CPEs: - • EXPL: 0

12 Feb 2025 — An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting. • https://github.com/mayswind/ezbookkeeping/issues/33 • CWE-799: Improper Control of Interaction Frequency •

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

12 Feb 2025 — An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component. • https://github.com/mayswind/ezbookkeeping/issues/33 • CWE-276: Incorrect Default Permissions •

CVSS: 5.4 • EPSS: 0% • CPEs: - • EXPL: 0

12 Feb 2025 — Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components. • https://hkohi.ca/vulnerability/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •