CVSS: 6.5EPSS: %CPEs: 1EXPL: 0CVE-2025-64995 – Privilege Escalation via Process Hijacking in 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction
https://notcve.org/view.php?id=CVE-2025-64995
11 Dec 2025 — A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the device during execution, to hijack the process and execute arbitrary code with SYSTEM privileges. • https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.5EPSS: %CPEs: 1EXPL: 0CVE-2025-64994 – Privilege Escalation via Uncontrolled Search Path in 1E-Nomad-SetWorkRate instruction
https://notcve.org/view.php?id=CVE-2025-64994
11 Dec 2025 — A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate privileges and execute arbitrary code as SYSTEM. • https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2025-1006 • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.3EPSS: %CPEs: 1EXPL: 1CVE-2020-36902 – UBICOD Medivision Digital Signage 1.5.1 Authorization Bypass via User Privileges
https://notcve.org/view.php?id=CVE-2020-36902
10 Dec 2025 — UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. • https://www.vulncheck.com/advisories/ubicod-medivision-digital-signage-authorization-bypass-via-user-privileges • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: %CPEs: 1EXPL: 0CVE-2025-67460 – Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure
https://notcve.org/view.php?id=CVE-2025-67460
10 Dec 2025 — Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access. • https://www.zoom.com/en/trust/security-bulletin/zsb-25050 • CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: %CPEs: 1EXPL: 0CVE-2025-65199 – Windscribe for Linux 'changeMTU' local privilege escalation
https://notcve.org/view.php?id=CVE-2025-65199
10 Dec 2025 — A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. • https://hackingbydoing.wixsite.com/hackingbydoing/post/windscribe-vpn-local-privilege-escalation • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-7073 – Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security
https://notcve.org/view.php?id=CVE-2025-7073
10 Dec 2025 — A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. ... A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. • https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-via-arbitrary-file-operation-in-bitdefender-atc-va-12590 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-66004 – Local privilege escalation in usbmuxd from arbitrary local user to usbmux
https://notcve.org/view.php?id=CVE-2025-66004
10 Dec 2025 — A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user.This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66004 • CWE-35: Path Traversal: ' •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-14400 – Windscribe Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-14400
10 Dec 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-14498 – TradingView Desktop Electron Uncontrolled Search Path Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-14498
10 Dec 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of TradingView Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. •
CVSS: -EPSS: 0%CPEs: -EXPL: 1CVE-2025-49173 – macOS 10.9 Local Root Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-49173
https://packetstorm.news/files/id/212660 •