
CVE-2025-27216
https://notcve.org/view.php?id=CVE-2025-27216
21 Aug 2025 — Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges. • https://community.ui.com/releases/Security-Advisory-Bulletin-053/b0c4aa38-90aa-412d-b5b9-6395e057d822 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2025-9330 – Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-9330
21 Aug 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. •

CVE-2025-4046 – Missing Authorization in Lexmark Cloud Services badge management
https://notcve.org/view.php?id=CVE-2025-4046
19 Aug 2025 — A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization • https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html • CWE-862: Missing Authorization •

CVE-2025-8098
https://notcve.org/view.php?id=CVE-2025-8098
18 Aug 2025 — An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges. • https://iknow.lenovo.com.cn/detail/430658 • CWE-276: Incorrect Default Permissions •

CVE-2025-36120 – IBM Storage Virtualize privilege escalation
https://notcve.org/view.php?id=CVE-2025-36120
18 Aug 2025 — IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources. • https://www.ibm.com/support/pages/node/7240796 • CWE-863: Incorrect Authorization •

CVE-2025-8904 – Privilege escalation issue in Amazon EMR Secret Agent component
https://notcve.org/view.php?id=CVE-2025-8904
13 Aug 2025 — A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. • https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-release-app-versions-7.x.html • CWE-257: Storing Passwords in a Recoverable Format •

CVE-2025-8614 – NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-8614
13 Aug 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. •

CVE-2025-53744
https://notcve.org/view.php?id=CVE-2025-53744
12 Aug 2025 — An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via registering the device to a malicious FortiManager. • https://fortiguard.fortinet.com/psirt/FG-IR-25-173 • CWE-266: Incorrect Privilege Assignment •

CVE-2025-49557 – Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2025-49557
12 Aug 2025 — These scripts may be used to escalate privileges within the application or compromise sensitive user data. • https://helpx.adobe.com/security/products/magento/apsb25-71.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-53723 – Windows Hyper-V Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-53723
12 Aug 2025 — Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53723 • CWE-122: Heap-based Buffer Overflow CWE-197: Numeric Truncation Error •