4469 results (0.079 seconds)

CVSS: -EPSS: %CPEs: -EXPL: 0

13 Mar 2025 — An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component. • http://soundcloud.com •

CVSS: -EPSS: %CPEs: -EXPL: 0

13 Mar 2025 — Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable into a scheduled task. • https://github.com/quriusfox/vulnerability-research/tree/main/CVE-2025-25598 •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

12 Mar 2025 — A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. • https://security.paloaltonetworks.com/CVE-2025-0117 • CWE-807: Reliance on Untrusted Inputs in a Security Decision •

CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 0

12 Mar 2025 — Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access. • https://securitydocs.business.xerox.com/wp-content/uploads/2025/03/Xerox-Security-Bulletin-XRX25-004-for-Xerox-FreeFlow-Print-Server-v7.pdf • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

12 Mar 2025 — An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints • https://github.com/z5jt/vulnerability-research/tree/main/CVE-2025-25709 •

CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0

12 Mar 2025 — An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API endpoint • https://github.com/z5jt/vulnerability-research/tree/main/CVE-2025-25710 • CWE-281: Improper Preservation of Permissions •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

11 Mar 2025 — This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow. • https://github.com/facebookincubator/below/commit/da9382e6e3e332fd2c3195e22f34977f83f0f1f3 •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

11 Mar 2025 — Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. ... This flaw allows an attacker with local access and low privileges to escalate privileges. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070 • CWE-269: Improper Privilege Management CWE-1390: Weak Authentication •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

11 Mar 2025 — Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/March-Security-Advisory-Ivanti-Secure-Access-Client-ISAC-CVE-2025-22454 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0

11 Mar 2025 — This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-515903.html • CWE-20: Improper Input Validation •