CVSS: 7.0EPSS: %CPEs: 1EXPL: 0CVE-2025-26513
https://notcve.org/view.php?id=CVE-2025-26513
07 Aug 2025 — The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when successfully exploited could allow a local user to escalate their privileges. • https://security.netapp.com/advisory/NTAP-20250806-0001 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7768 – Use of Hard-coded Credentials in Tigo Energy Cloud Connect Advanced
https://notcve.org/view.php?id=CVE-2025-7768
06 Aug 2025 — This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar energy production, and interfering with safety mechanisms. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-217-02 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-8612 – AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-8612
06 Aug 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-51627
https://notcve.org/view.php?id=CVE-2025-51627
05 Aug 2025 — Incorrect access control in CaricaVerbale in Agenzia Impresa Eccobook v2.81.1 allows authenticated attackers with low-level access to escalate privileges to Administrator. • http://agenziaimpresa.com • CWE-284: Improper Access Control •
CVSS: 8.5EPSS: 0%CPEs: -EXPL: 2CVE-2013-10052 – ZPanel zsudo Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-10052
04 Aug 2025 — This flaw enables local attackers with shell access to escalate privileges by writing a payload to a writable directory and executing it via zsudo. ... This flaw enables local attackers with shell access to escalate privileges by writing a payload to a writable directory and executing it via zsudo. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/local/zpanel_zsudo.rb • CWE-269: Improper Privilege Management •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23279
https://notcve.org/view.php?id=CVE-2025-23279
02 Aug 2025 — NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, denial of service, or data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5670 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23276
https://notcve.org/view.php?id=CVE-2025-23276
02 Aug 2025 — NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate privileges. A successful exploit of this vulnerability may lead to escalation of privileges, denial of service, code execution, information disclosure and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5670 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2013-10044 – OpenEMR ≤ 4.1.1 SQL Injection Privilege Escalation and RCE
https://notcve.org/view.php?id=CVE-2013-10044
01 Aug 2025 — An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/openemr_sqli_privesc_upload.rb • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 3CVE-2012-10022 – Kloxo <= 6.1.12 Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2012-10022
01 Aug 2025 — Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. ... This flaw enables attackers with Apache-level access to escalate privileges to root without authentication. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/local/kloxo_lxsuexec.rb • CWE-269: Improper Privilege Management •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 3CVE-2013-10046 – Agnitum Outpost Internet Security Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-10046
01 Aug 2025 — A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. ... A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/agnitum_outpost_acs.rb • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-306: Missing Authentication for Critical Function •