
CVE-2025-11622
https://notcve.org/view.php?id=CVE-2025-11622
13 Oct 2025 — Insecure deserialization in Ivanti Endpoint Manager allows a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025 • CWE-502: Deserialization of Untrusted Data •

CVE-2025-7707 – World-Writable NLTK Cache Directory Vulnerability in run-llama/llama_index
https://notcve.org/view.php?id=CVE-2025-7707
13 Oct 2025 — This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, data tampering, or privilege escalation. The vulnerability arises from the use of a shared cache directory instead of a user-specific one, making it susceptible to local data tampering and denial of service. • https://github.com/run-llama/llama_index/commit/98816394d57c7f53f847ed7b60725e69d0e7aae4 • CWE-377: Insecure Temporary File •

CVE-2025-9968
https://notcve.org/view.php?id=CVE-2025-9968
13 Oct 2025 — This vulnerability may be triggered by creating a specially crafted junction, potentially leading to local privilege escalation. For more information, please refer to section 'Security Update for Armoury Crate App' in the ASUS Security Advisory. • https://www.asus.com/security-advisory • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2025-23282
https://notcve.org/view.php?id=CVE-2025-23282
10 Oct 2025 — NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2025-23282 • CWE-415: Double Free •

CVE-2025-11561 – SSSD: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems
https://notcve.org/view.php?id=CVE-2025-11561
09 Oct 2025 — In default configurations, SSSD does not enable the Kerberos local authentication plugin (sssd_krb5_localauth_plugin), allowing an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users. This can result in unauthorized access or privilege escalation on domain-joined Linux hosts. ... In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallb... • https://access.redhat.com/security/cve/CVE-2025-11561 • CWE-269: Improper Privilege Management •

CVE-2025-36565
https://notcve.org/view.php?id=CVE-2025-36565
07 Oct 2025 — A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root. • https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVE-2025-11462 – Local Privilege Escalation Vulnerability in AWS Client VPN macOS Client
https://notcve.org/view.php?id=CVE-2025-11462
07 Oct 2025 — Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2-5.2.0 allows a local user to execute code with elevated privileges. • https://aws.amazon.com/security/security-bulletins/AWS-2025-020 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2025-36566
https://notcve.org/view.php?id=CVE-2025-36566
07 Oct 2025 — A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root. • https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-36567
https://notcve.org/view.php?id=CVE-2025-36567
07 Oct 2025 — A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root. • https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-43911
https://notcve.org/view.php?id=CVE-2025-43911
07 Oct 2025 — A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root. • https://www.dell.com/support/kbdoc/en-us/000376224/dsa-2025-333-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •