CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-26597 – Xorg: xwayland: buffer overflow in xkbchangetypesofkey()
https://notcve.org/view.php?id=CVE-2025-26597
25 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2025-26597 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-26596 – Xorg: xwayland: heap overflow in xkbwritekeysyms()
https://notcve.org/view.php?id=CVE-2025-26596
25 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2025-26596 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-26595 – Xorg: xwayland: buffer overflow in xkbvmodmasktext()
https://notcve.org/view.php?id=CVE-2025-26595
25 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2025-26595 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-26594 – X.org: xwayland: use-after-free of the root cursor
https://notcve.org/view.php?id=CVE-2025-26594
25 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2025-26594 • CWE-416: Use After Free •
CVSS: 3.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1412 – Session Persistence After User-to-Bot Conversion
https://notcve.org/view.php?id=CVE-2025-1412
24 Feb 2025 — Mattermost versions 9.11.x <= 9.11.6, 10.4.x <= 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on the permissions granted to the bot. • https://mattermost.com/security-updates • CWE-384: Session Fixation •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-26200
https://notcve.org/view.php?id=CVE-2025-26200
24 Feb 2025 — SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component. • https://github.com/slims/slims9_bulian/issues/269 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-26201
https://notcve.org/view.php?id=CVE-2025-26201
24 Feb 2025 — Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attackers to bypass authentication and escalate privileges. • http://greaterwms.com • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1265 – Elseta Vinci Protocol Analyzer OS Command Injection
https://notcve.org/view.php?id=CVE-2025-1265
20 Feb 2025 — An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an attacker to escalate privileges and perform code execution on affected system. • https://elseta.com/support • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2025-25958
https://notcve.org/view.php?id=CVE-2025-25958
20 Feb 2025 — Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script. • https://github.com/Abel-Lan/phpcms/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2025-25960
https://notcve.org/view.php?id=CVE-2025-25960
20 Feb 2025 — Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator. • https://github.com/Abel-Lan/phpcms/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •