CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27493
https://notcve.org/view.php?id=CVE-2025-27493
11 Mar 2025 — This could allow an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-515903.html • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27396
https://notcve.org/view.php?id=CVE-2025-27396
11 Mar 2025 — Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality. This could allow an authenticated lowly-privileged remote attacker to escalate their privileges. • https://cert-portal.siemens.com/productcert/html/ssa-075201.html • CWE-273: Improper Check for Dropped Privileges •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-26656 – Missing Authorization check in S/4HANA (Manage Purchasing Info Records)
https://notcve.org/view.php?id=CVE-2025-26656
11 Mar 2025 — OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. • https://me.sap.com/notes/3474392 • CWE-862: Missing Authorization •
CVSS: 3.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-26655 – Missing Authorization check in SAP JIT(Outbound)
https://notcve.org/view.php?id=CVE-2025-26655
11 Mar 2025 — SAP Just In Time(JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application.Confidentiality and Availability are not impacted. • https://me.sap.com/notes/3347991 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-25451
https://notcve.org/view.php?id=CVE-2025-25451
06 Mar 2025 — An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a physically proximate attacker to escalate privileges via the "2fa_authorized" Local Storage key Un problema en TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 y anteriores permite que un atacante físicamente próximo escale privilegios a través de la clave de almacenamiento local "2fa_authorized" • https://piuswalter.de/blog/2fa-bypass-and-deactivation-attack-in-mytaag • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-25452
https://notcve.org/view.php?id=CVE-2025-25452
06 Mar 2025 — An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the "/user" endpoint Un problema en TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 y anteriores permite que un atacante remoto escale privilegios a través del endpoint "/user" • https://piuswalter.de/blog/2fa-bypass-and-deactivation-attack-in-mytaag • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-25450
https://notcve.org/view.php?id=CVE-2025-25450
06 Mar 2025 — An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the deactivation of the activated second factor to the /session endpoint Un problema en TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 y anteriores permite que un atacante remoto escale privilegios a través de la desactivación del segundo factor activado al punto final /session • https://piuswalter.de/blog/2fa-bypass-and-deactivation-attack-in-mytaag • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-27644
https://notcve.org/view.php?id=CVE-2025-27644
05 Mar 2025 — Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Local Privilege Escalation V-2024-007. • https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm • CWE-269: Improper Privilege Management •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21092 – GMOD Apollo Incorrect Privilege Assignment
https://notcve.org/view.php?id=CVE-2025-21092
04 Mar 2025 — This could result in an attacker being able to escalate privileges for themselves or others. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07 • CWE-266: Incorrect Privilege Assignment •
CVSS: 8.6EPSS: 0%CPEs: -EXPL: 1CVE-2025-1424 – Privilege Escalation Through SUID Binary and Developer Mode
https://notcve.org/view.php?id=CVE-2025-1424
04 Mar 2025 — A privilege escalation vulnerability in PocketBook InkPad Color 3 allows attackers to escalate to root privileges if they gain physical access to the device. This issue affects InkPad Color 3 in version U743k3.6.8.3671. A privilege escalation vulnerability in PocketBook InkPad Color 3 allows attackers to escalate to root privileges if they gain physical access to the device. • https://www.redguard.ch/blog/2025/03/04/security-advisory-pocketbook-inkpad-color-3 • CWE-269: Improper Privilege Management •