CVSS: 7.8EPSS: %CPEs: 1EXPL: 0CVE-2025-24917 – Improper Access Control leads to Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-24917
23 May 2025 — In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, potentially leading to local privilege escalation. • https://www.tenable.com/security/tns-2025-10 • CWE-284: Improper Access Control •
CVSS: 7.0EPSS: %CPEs: 1EXPL: 0CVE-2025-24916 – Improper Access Control leads to Local Priviledge Escalation
https://notcve.org/view.php?id=CVE-2025-24916
23 May 2025 — This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. • https://www.tenable.com/security/tns-2025-10 • CWE-284: Improper Access Control •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4692 – ABUP IoT Cloud Platform Incorrect Privilege Assignment
https://notcve.org/view.php?id=CVE-2025-4692
22 May 2025 — If the exploit is successful, the user can escalate privileges to access any device managed by the ABUP Cloud Update Platform. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-01 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40458
https://notcve.org/view.php?id=CVE-2024-40458
22 May 2025 — An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets. • https://drive.google.com/file/d/1E8dxLt2LnvmLcCEUyp6qtnG-yZjyvMji/view?usp=drive_link • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40459
https://notcve.org/view.php?id=CVE-2024-40459
22 May 2025 — An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function • https://drive.google.com/file/d/1J2PsjRc6u2q4Teo3eVnBVmTEFjOgaPzX/view?usp=drive_link • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40460
https://notcve.org/view.php?id=CVE-2024-40460
22 May 2025 — An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE • https://drive.google.com/file/d/10M4x2jL_l-kPSZOOE_tUmBzCTCr0tMiF/view?usp=drive_link • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40461
https://notcve.org/view.php?id=CVE-2024-40461
22 May 2025 — An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component • https://drive.google.com/file/d/1DyiyLQRvTRAZD8gn2BT7oDzX1NQ7wmFT/view?usp=drive_link • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40462
https://notcve.org/view.php?id=CVE-2024-40462
22 May 2025 — An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SETTINGSVATIGATOR.EXE component • https://drive.google.com/file/d/1MDU9FGo36U83yQy55nnVj1syWVy9WLm5/view?usp=drive_link • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41195
https://notcve.org/view.php?id=CVE-2024-41195
22 May 2025 — An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. • https://drive.google.com/file/d/1U50ZsLo7VXWKQ1_6FxWy70F_75jzVUwi/view?usp=drive_link • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41196
https://notcve.org/view.php?id=CVE-2024-41196
22 May 2025 — An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. • https://cwe.mitre.org/data/definitions/285.html • CWE-287: Improper Authentication •