
CVSS: 7.3 • EPSS: % • CPEs: - • EXPL: 0

03 Apr 2026 — Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. • https://cwe.mitre.org/data/definitions/276.html • CWE-276: Incorrect Default Permissions •

CVSS: 8.5 • EPSS: % • CPEs: 1 • EXPL: 0

02 Apr 2026 — HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contain a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. • https://assets.belden.com/m/774e2db2b0100bc1/original/Belden-Security-Bulletin-BSECV-2023-06.pdf • CWE-269: Improper Privilege Management •

CVSS: 8.8 • EPSS: % • CPEs: 1 • EXPL: 0

02 Apr 2026 — HiSecOS web server versions 03.4.00 prior to 04.1.00 contain a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. • https://www.vulncheck.com/advisories/belden-hisecos-web-server-privilege-escalation • CWE-269: Improper Privilege Management •

CVSS: 6.7 • EPSS: % • CPEs: 1 • EXPL: 0

02 Apr 2026 — Local privilege escalation due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-9108 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.7 • EPSS: % • CPEs: 1 • EXPL: 0

02 Apr 2026 — Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-10057 • CWE-427: Uncontrolled Search Path Element •

CVSS: 6.7 • EPSS: % • CPEs: 1 • EXPL: 0

02 Apr 2026 — Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-10401 • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.5 • EPSS: % • CPEs: - • EXPL: 0

02 Apr 2026 — A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process. • https://github.com/B1tBreaker/CVE-2026-30332 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 6.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

01 Apr 2026 — From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose mapped CN/short name exactly matches a privileged local group name (e.g., "sudo", "wheel", "docker", "adm") can cause the NSS module to resolve that group name to their fake primary group. • https://github.com/himmelblau-idm/himmelblau/releases/tag/2.3.9 • CWE-269: Improper Privilege Management •

CVSS: 7.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

01 Apr 2026 — Lakeside SysTrack Agent 11 before 11.5.0.15 has a race condition with resultant local privilege escalation to SYSTEM. • https://documentation.lakesidesoftware.com/en/Content/Release%20Notes/Agent/11.2.1.28%20Hotfix%20Agent%20Release%20Notes.htm?tocpath=Release%20Notes%7CAgent%7C_____8 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

01 Apr 2026 — Because these libraries may be resolved and loaded from user‑writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution. • https://www.foxit.com/support/security-bulletins.html • CWE-427: Uncontrolled Search Path Element •