CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-2914
https://notcve.org/view.php?id=CVE-2026-2914
25 Feb 2026 — CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege elevation leveraging CyberArk elevation dialogs • https://docs.cyberark.com/epm/latest/en/content/release%20notes/release-notes.htm •
CVSS: 5.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-1789
https://notcve.org/view.php?id=CVE-2025-1789
24 Feb 2026 — Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system. • https://techdocs.genetec.com/r/en-US/Security-Updates-for-GenetecTM-Update-Service-2.10/Resolved-vulnerabilities-in-Genetec-Update-Service-2.10 • CWE-276: Incorrect Default Permissions •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2026-2664 – Out of bounds read vulnerability in grpcfuse kernel module
https://notcve.org/view.php?id=CVE-2026-2664
24 Feb 2026 — An attacker can leverage this in conjunction with other vulnerabilties to escalate privileges and execute arbitrary code in the context of the kernel. • https://docs.docker.com/desktop/release-notes/#4620 • CWE-125: Out-of-bounds Read •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2026-2697 – Indirect Object Reference (IDOR) in Security Center
https://notcve.org/view.php?id=CVE-2026-2697
23 Feb 2026 — An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter. • https://www.tenable.com/security/tns-2026-07 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.4EPSS: 0%CPEs: -EXPL: 0CVE-2026-26722
https://notcve.org/view.php?id=CVE-2026-26722
20 Feb 2026 — An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN component of the login functionality. • https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2026-26722 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2026-26725
https://notcve.org/view.php?id=CVE-2026-26725
20 Feb 2026 — An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to escalate privileges via the AccessID parameter. • https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2026-26725 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-15561 – Local Privilege Escalation in NesterSoft WorkTime
https://notcve.org/view.php?id=CVE-2025-15561
19 Feb 2026 — An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges on the local system to NT Authority\SYSTEM. • https://r.sec-consult.com/worktime • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4960 – macOS Local Privilege Escalation via Improper Authorization Handling in EPSON Printer Controller Installer
https://notcve.org/view.php?id=CVE-2025-4960
19 Feb 2026 — The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. • https://pentraze.com/vulnerability-reports/cve-2025-4960 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-67305
https://notcve.org/view.php?id=CVE-2025-67305
19 Feb 2026 — Once authenticated, the attacker can access the PostgreSQL database with superuser privileges, create administrative users for the web interface, and potentially escalate privileges further. • https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-012-ruckus-nd-hardcoded-ssh-keys-rce.md • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2026-2040 – PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2026-2040
19 Feb 2026 — PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor. This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of a target user.... • https://www.zerodayinitiative.com/advisories/ZDI-26-122 • CWE-427: Uncontrolled Search Path Element •