CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0425 – Local Privilege Escalation via Config Manipulation
https://notcve.org/view.php?id=CVE-2025-0425
18 Feb 2025 — By changing the server address to a malicious server, or a script simulating a server, the user is able to escalate his privileges by abusing certain features of the "bestinformed Web" server. By changing the server address to a malicious server, or a script simulating a server, the user is able to escalate his privileges by abusing certain features of the "bestinformed Web" server. Those features include: * Pushing of malicious update packages * Arbitrary Registry Read as "nt au... • https://www.cordaware.com/changelog/en/version-6_3_8_1.html • CWE-15: External Control of System or Configuration Setting •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1390 – pam_cap: Fix potential configuration parsing error
https://notcve.org/view.php?id=CVE-2025-1390
18 Feb 2025 — Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames. • https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 • CWE-284: Improper Access Control •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-51505
https://notcve.org/view.php?id=CVE-2024-51505
18 Feb 2025 — A highly trusted role (Config Admin) could leverage a race condition to escalate privileges. • https://eviden.com • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47935 – TXOne Networks StellarProtect (Legacy Mode), StellarEnforce, and Safe Lock Improper Validation of Integrity Check Value Vulnerability
https://notcve.org/view.php?id=CVE-2024-47935
17 Feb 2025 — Improper Validation of Integrity Check Value vulnerability in TXOne Networks StellarProtect (Legacy Mode), StellarEnforce, and Safe Lock allows an attacker to escalate their privileges in the victim’s device. ... Improper Validation of Integrity Check Value vulnerability in TXOne Networks StellarProtect (Legacy Mode), StellarEnforce, and Safe Lock allows an attacker to escalate their privileges in the victim’s device. • https://www.txone.com/psirt/advisories/cve-2024-47935 • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26507 – Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege
https://notcve.org/view.php?id=CVE-2025-26507
14 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of HP LaserJet Pro MFP 3301fdw printers. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://support.hp.com/us-en/document/ish_11953771-11953793-16/hpsbpi04007 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-57778
https://notcve.org/view.php?id=CVE-2024-57778
14 Feb 2025 — An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the servers response from status code 500 to status code 200. • https://github.com/KUK3N4N/CVE-2024-57778 • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-26511 – Cassandra-Lucene-Index allows bypass of Cassandra RBAC
https://notcve.org/view.php?id=CVE-2025-26511
13 Feb 2025 — Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited could allow authenticated Cassandra users to remotely bypass RBAC and escalate their privileges. • https://github.com/instaclustr/cassandra-lucene-index/security/advisories/GHSA-mrqp-q7vx-v2cx • CWE-863: Incorrect Authorization •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2025-22960
https://notcve.org/view.php?id=CVE-2025-22960
13 Feb 2025 — Exploiting this flaw could allow attackers to hijack active sessions, gain unauthorized access, and escalate privileges on affected devices. • https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-22960 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23359 – NVIDIA Container Toolkit mount_files Time-Of-Check Time-Of-Use Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-23359
12 Feb 2025 — A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. This vulnerability allows remote attackers to escalate privileges on affected installations of NVIDIA Container Toolkit. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the host. • https://nvidia.custhelp.com/app/answers/detail/a_id/5616 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-51440
https://notcve.org/view.php?id=CVE-2024-51440
12 Feb 2025 — An issue in Nothing Tech Nothing OS v.2.6 allows a local attacker to escalate privileges via the NtBpfService component. • https://sharedobject.blog/posts/nothing-bpf • CWE-276: Incorrect Default Permissions •