
CVE-2025-20645
https://notcve.org/view.php?id=CVE-2025-20645
03 Mar 2025 — This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. • https://corp.mediatek.com/product-security-bulletin/March-2025 • CWE-787: Out-of-bounds Write •

CVE-2025-25953
https://notcve.org/view.php?id=CVE-2025-25953
03 Mar 2025 — This vulnerability allows authenticated attackers to escalate privileges and access sensitive information. • https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89640 • CWE-862: Missing Authorization •

CVE-2025-26206
https://notcve.org/view.php?id=CVE-2025-26206
03 Mar 2025 — Cross-Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component. • https://github.com/xibhi/CVE-2025-26206 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-1756 – MongoDB Shell may be susceptible to local privilege escalation in Windows
https://notcve.org/view.php?id=CVE-2025-1756
27 Feb 2025 — mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. • https://jira.mongodb.org/browse/MONGOSH-2028 • CWE-426: Untrusted Search Path •

CVE-2025-1755 – MongoDB Compass may be susceptible to local privilege escalation in Windows
https://notcve.org/view.php?id=CVE-2025-1755
27 Feb 2025 — MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. • https://jira.mongodb.org/browse/COMPASS-9058 • CWE-426: Untrusted Search Path •

CVE-2024-38292
https://notcve.org/view.php?id=CVE-2024-38292
27 Feb 2025 — In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation. • https://community.extremenetworks.com/t5/security-advisories-formerly/sa-2024-104-xiq-se-path-traversal-privilege-escalation-cve-2024/ba-p/116362 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-39441
https://notcve.org/view.php?id=CVE-2024-39441
26 Feb 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1894203086612791298 •

CVE-2025-0889 – Privilege Management for Windows – Elevation of Privilege
https://notcve.org/view.php?id=CVE-2025-0889
26 Feb 2025 — Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process. • https://www.beyondtrust.com/trust-center/security-advisories/bt25-01 • CWE-268: Privilege Chaining •

CVE-2025-27148 – Gradle vulnerable to local privilege escalation through system temporary directory
https://notcve.org/view.php?id=CVE-2025-27148
25 Feb 2025 — This library initialization could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. Gradle builds that rely on versions of net.rubygrapefruit:native-platform prior to 0.22-milestone-28 could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. • https://en.wikipedia.org/wiki/Fstab#Options_common_to_all_filesystems • CWE-378: Creation of Temporary File With Insecure Permissions • CWE-379: Creation of Temporary File in Directory with Insecure Permissions •

CVE-2025-26601 – Xorg: xwayland: use-after-free in syncinittrigger()
https://notcve.org/view.php?id=CVE-2025-26601
25 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged. • https://access.redhat.com/security/cve/CVE-2025-26601 • CWE-416: Use After Free •