5871 results (0.513 seconds)

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

14 Mar 2025 — For example, it could be used to alter critical identity or access control attributes, enabling an attacker to escalate privileges or impersonate another user. • https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

14 Mar 2025 — For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. • https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

13 Mar 2025 — An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component. • http://soundcloud.com •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

13 Mar 2025 — Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable into a scheduled task. • https://github.com/quriusfox/vulnerability-research/tree/main/CVE-2025-25598 •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

12 Mar 2025 — A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. GlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected. • https://security.paloaltonetworks.com/CVE-2025-0117 • CWE-807: Reliance on Untrusted Inputs in a Security Decision •

CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 0

12 Mar 2025 — Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access. • https://securitydocs.business.xerox.com/wp-content/uploads/2025/03/Xerox-Security-Bulletin-XRX25-004-for-Xerox-FreeFlow-Print-Server-v7.pdf • CWE-269: Improper Privilege Management CWE-428: Unquoted Search Path or Element •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

12 Mar 2025 — An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints • https://github.com/z5jt/vulnerability-research/tree/main/CVE-2025-25709 •

CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0

12 Mar 2025 — An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API endpoint • https://github.com/z5jt/vulnerability-research/tree/main/CVE-2025-25710 • CWE-281: Improper Preservation of Permissions •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

11 Mar 2025 — This flaw allows an attacker with local access and low privileges to escalate privileges. The issue might lead to unauthorized access or manipulation of authentication sessions. ... Issues addressed include a privilege escalation vulnerability. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070 • CWE-269: Improper Privilege Management CWE-1390: Weak Authentication •

CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0

11 Mar 2025 — This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-515903.html • CWE-20: Improper Input Validation •