7989 results (0.264 seconds)

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

13 Mar 2025 — An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component. • http://soundcloud.com •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

13 Mar 2025 — Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable into a scheduled task. • https://github.com/quriusfox/vulnerability-research/tree/main/CVE-2025-25598 •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

12 Mar 2025 — A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. GlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected. • https://security.paloaltonetworks.com/CVE-2025-0117 • CWE-807: Reliance on Untrusted Inputs in a Security Decision •

CVSS: 8.8EPSS: 0%CPEs: 90EXPL: 0

12 Mar 2025 — A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. • https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 0

12 Mar 2025 — Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access. • https://securitydocs.business.xerox.com/wp-content/uploads/2025/03/Xerox-Security-Bulletin-XRX25-004-for-Xerox-FreeFlow-Print-Server-v7.pdf • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

12 Mar 2025 — An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints • https://github.com/z5jt/vulnerability-research/tree/main/CVE-2025-25709 •

CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0

12 Mar 2025 — An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API endpoint • https://github.com/z5jt/vulnerability-research/tree/main/CVE-2025-25710 • CWE-281: Improper Preservation of Permissions •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

11 Mar 2025 — A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow. • https://github.com/facebookincubator/below/commit/da9382e6e3e332fd2c3195e22f34977f83f0f1f3 •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

11 Mar 2025 — This flaw allows an attacker with local access and low privileges to escalate privileges. The issue might lead to unauthorized access or manipulation of authentication sessions. ... Issues addressed include a privilege escalation vulnerability. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070 • CWE-269: Improper Privilege Management CWE-1390: Weak Authentication •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

11 Mar 2025 — A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record’s reference information. ** UNSUPPORTED WHEN ASSIGNED ... • https://www.synaptics.com/sites/default/files/2025-03/audio-driver-security-brief-2025-03-11.pdf • CWE-284: Improper Access Control •