CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-29775 – xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment
https://notcve.org/view.php?id=CVE-2025-29775
14 Mar 2025 — For example, it could be used to alter critical identity or access control attributes, enabling an attacker to escalate privileges or impersonate another user. • https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-29774 – xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
https://notcve.org/view.php?id=CVE-2025-29774
14 Mar 2025 — For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. • https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-57062
https://notcve.org/view.php?id=CVE-2024-57062
13 Mar 2025 — An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component. • http://soundcloud.com •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-25598
https://notcve.org/view.php?id=CVE-2025-25598
13 Mar 2025 — Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable into a scheduled task. • https://github.com/quriusfox/vulnerability-research/tree/main/CVE-2025-25598 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-0117 – GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
https://notcve.org/view.php?id=CVE-2025-0117
12 Mar 2025 — A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. GlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected. • https://security.paloaltonetworks.com/CVE-2025-0117 • CWE-807: Reliance on Untrusted Inputs in a Security Decision •
CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1984 – Local Privilege Escalation on Xerox® Desktop Print Experience® v8.5
https://notcve.org/view.php?id=CVE-2025-1984
12 Mar 2025 — Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access. • https://securitydocs.business.xerox.com/wp-content/uploads/2025/03/Xerox-Security-Bulletin-XRX25-004-for-Xerox-FreeFlow-Print-Server-v7.pdf • CWE-269: Improper Privilege Management CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-25709
https://notcve.org/view.php?id=CVE-2025-25709
12 Mar 2025 — An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints • https://github.com/z5jt/vulnerability-research/tree/main/CVE-2025-25709 •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-25711
https://notcve.org/view.php?id=CVE-2025-25711
12 Mar 2025 — An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API endpoint • https://github.com/z5jt/vulnerability-research/tree/main/CVE-2025-25710 • CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-24070 – ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24070
11 Mar 2025 — This flaw allows an attacker with local access and low privileges to escalate privileges. The issue might lead to unauthorized access or manipulation of authentication sessions. ... Issues addressed include a privilege escalation vulnerability. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070 • CWE-269: Improper Privilege Management CWE-1390: Weak Authentication •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27494
https://notcve.org/view.php?id=CVE-2025-27494
11 Mar 2025 — This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-515903.html • CWE-20: Improper Input Validation •