
CVE-2025-26599 – Xorg: xwayland: use of uninitialized pointer in compredirectwindow()
https://notcve.org/view.php?id=CVE-2025-26599
25 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged. • https://access.redhat.com/security/cve/CVE-2025-26599 • CWE-824: Access of Uninitialized Pointer •

CVE-2025-26598 – Xorg: xwayland: out-of-bounds write in createpointerbarrierclient()
https://notcve.org/view.php?id=CVE-2025-26598
25 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2025-26598 • CWE-787: Out-of-bounds Write •

CVE-2025-26597 – Xorg: xwayland: buffer overflow in xkbchangetypesofkey()
https://notcve.org/view.php?id=CVE-2025-26597
25 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged. • https://access.redhat.com/security/cve/CVE-2025-26597 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-26596 – Xorg: xwayland: heap overflow in xkbwritekeysyms()
https://notcve.org/view.php?id=CVE-2025-26596
25 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged. • https://access.redhat.com/security/cve/CVE-2025-26596 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-26595 – Xorg: xwayland: buffer overflow in xkbvmodmasktext()
https://notcve.org/view.php?id=CVE-2025-26595
25 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged. • https://access.redhat.com/security/cve/CVE-2025-26595 • CWE-121: Stack-based Buffer Overflow •

CVE-2025-26594 – X.org: xwayland: use-after-free of the root cursor
https://notcve.org/view.php?id=CVE-2025-26594
25 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2025-26594 • CWE-416: Use After Free •

CVE-2025-26200
https://notcve.org/view.php?id=CVE-2025-26200
24 Feb 2025 — SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component. • https://github.com/slims/slims9_bulian/issues/269 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-26201
https://notcve.org/view.php?id=CVE-2025-26201
24 Feb 2025 — Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows remote unauthenticated attackers to bypass authentication and escalate privileges. • http://greaterwms.com • CWE-294: Authentication Bypass by Capture-replay •

CVE-2025-1265 – Elseta Vinci Protocol Analyzer OS Command Injection
https://notcve.org/view.php?id=CVE-2025-1265
20 Feb 2025 — An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an attacker to escalate privileges and perform code execution on the affected system. • https://elseta.com/support • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-25958
https://notcve.org/view.php?id=CVE-2025-25958
20 Feb 2025 — Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allow a remote attacker to escalate privileges via a crafted script. • https://github.com/Abel-Lan/phpcms/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •