
CWE-272: Least Privilege Violation

8 CVEs, avg CVSS 6.6 (MITRE). Severity breakdown: 0 Critical, 6 High, 1 Medium, 0 Low. Public PoC: 0. Known exploited (KEV): 0.

CVE-2026-39459 [HIGH] [PATCH] This Week

Authenticated attackers with Manager role or higher in F5 BIG-IP can execute arbitrary commands via malicious configuration objects in iControl REST API and TMOS Shell (tmsh). This privilege escalation vulnerability allows administrators to break out of their intended access boundaries and achieve full system control. CVSS 7.2 (High) reflects network accessibility with high privileges required. No public exploit code or active exploitation confirmed at time of analysis.

Tags: Information Disclosure. Sources: NVD, VulDB. CVSS 4.0: 8.6. EPSS: 0.1%.
CVE-2026-32655 [MEDIUM] [PATCH] This Month

Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Tags: Information Disclosure, Dell. Sources: NVD. CVSS 3.1: 5.3. EPSS: 0.0%.
CVE-2025-9711 [HIGH] This Week

Fabric Operating System versions up to 9.2.1 contain a vulnerability that allows attackers to elevate the privileges of the local authenticated user to “root” using the exp (CVSS 7.8).

Tags: Information Disclosure, Fabric Operating System. Sources: NVD. CVSS 3.1: 7.8. EPSS: 0.0%.
CVE-2025-59106 [HIGH] This Week

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. [CVSS 8.8 HIGH]

Tags: Information Disclosure. Affected: Dormakaba Access Manager 9200 K5 Firmware, Dormakaba Access Manager 9200 K7 Firmware, Dormakaba Access Manager 9230 K5 Firmware, Dormakaba Access Manager 9230 K7 Firmware, +2. Sources: NVD. CVSS 3.1: 8.8. EPSS: 0.1%.
CVE-2026-23634 [npm] [NONE] [PATCH] Awaiting Data

Pepr is a type-safe K8s middleware. Prior to 1.0.5, Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors.

Tags: Kubernetes. Sources: NVD, GitHub. EPSS: 0.0%.
CVE-2025-1384 [HIGH] This Week

CVE-2025-1384 is a least privilege violation (CWE-272) in the communication protocol between Omron NJ/NX-series Machine Automation Controllers and Sysmac Studio software that allows unauthenticated remote attackers to execute arbitrary code on affected controllers. The vulnerability affects industrial automation environments and enables complete compromise of controller functionality through unauthorized remote code execution. While the CVSS score of 7.0 indicates moderate-to-high severity, the network-accessible attack vector and lack of required privileges make this a significant threat to operational technology (OT) environments, particularly in manufacturing and critical infrastructure sectors.

Tags: Authentication Bypass, Privilege Escalation, RCE, Siemens. Sources: NVD. CVSS 3.1: 7.0. EPSS: 0.0%.
CVE-2025-49144 [HIGH] [PATCH] This Week

CVE-2025-49144 is a privilege escalation vulnerability in Notepad++ v8.8.1 and earlier that exploits insecure executable search paths in the installer to allow unprivileged local users to execute arbitrary code with SYSTEM privileges. An attacker can leverage social engineering to colocate a malicious executable with the legitimate installer in a writable directory (e.g., Downloads), and upon installer execution, the malicious payload runs with elevated privileges. The vulnerability is fixed in version 8.8.2.

Tags: Privilege Escalation. Sources: NVD, GitHub. CVSS 3.1: 7.3. EPSS: 0.0%.
CVE-2025-47809 [HIGH] This Month

Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). Rated high severity (CVSS 8.2), this vulnerability has low attack complexity. No vendor patch available.

Tags: Windows, Privilege Escalation, Microsoft. Sources: NVD. CVSS 3.1: 8.2. EPSS: 0.1%.