CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-25452
https://notcve.org/view.php?id=CVE-2025-25452
06 Mar 2025 — An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the "/user" endpoint Un problema en TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 y anteriores permite que un atacante remoto escale privilegios a través del endpoint "/user" • https://piuswalter.de/blog/2fa-bypass-and-deactivation-attack-in-mytaag • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-25450
https://notcve.org/view.php?id=CVE-2025-25450
06 Mar 2025 — An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the deactivation of the activated second factor to the /session endpoint Un problema en TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 y anteriores permite que un atacante remoto escale privilegios a través de la desactivación del segundo factor activado al punto final /session • https://piuswalter.de/blog/2fa-bypass-and-deactivation-attack-in-mytaag • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9658 – School Management System for Wordpress <= 93.0.0 - Authenticated (Student+) Account Takeover and Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-9658
06 Mar 2025 — The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email and password through the mj_smgt_update_user() and mj_smgt_add_admission() functions, along with a local file inclusion vulnerability. • https://codecanyon.net/item/school-management-system-for-wordpress/11470032 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: -EPSS: 0%CPEs: -EXPL: 1CVE-2025-25873 – OpenAdmin 0.3.4 Cross Site Request Forgery
https://notcve.org/view.php?id=CVE-2025-25873
06 Mar 2025 — Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker to escalate privileges via the Change Root Password function Cross site request forgery in the Users and Change Root Password functions in OpenAdmin version 0.3.4 allows remote attackers to perform attacks enabling unauthorized actions that could lead to privilege escalation. • https://packetstorm.news/files/id/189597 •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-27644
https://notcve.org/view.php?id=CVE-2025-27644
05 Mar 2025 — Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Local Privilege Escalation V-2024-007. • https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm • CWE-269: Improper Privilege Management •
CVSS: -EPSS: 0%CPEs: -EXPL: 1CVE-2025-25872 – OpenPanel 0.3.4 Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-25872
05 Mar 2025 — An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function OpenPanel version 0.3.4 suffers from a remote code execution vulnerability via /fix-permissions. • https://packetstorm.news/files/id/189583 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21092 – GMOD Apollo Incorrect Privilege Assignment
https://notcve.org/view.php?id=CVE-2025-21092
04 Mar 2025 — This could result in an attacker being able to escalate privileges for themselves or others. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07 • CWE-266: Incorrect Privilege Assignment •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-20650
https://notcve.org/view.php?id=CVE-2025-20650
03 Mar 2025 — This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/March-2025 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-20645
https://notcve.org/view.php?id=CVE-2025-20645
03 Mar 2025 — This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. • https://corp.mediatek.com/product-security-bulletin/March-2025 • CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2025-25953
https://notcve.org/view.php?id=CVE-2025-25953
03 Mar 2025 — This vulnerability allows authenticated attackers to escalate privileges and access sensitive information. • https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89640 • CWE-862: Missing Authorization •