Page 10 of 3528 results (0.034 seconds)

CVSS: 4.6EPSS: 0%CPEs: -EXPL: 0

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component. • https://github.com/chamilo/chamilo-lms/commit/a63e03ef961e7bf2dab56f4ede6f87edef40ba0c https://www.less-secure.com/2024/10/chamilo-lms-cve-2024-27524-cve-2024.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0

An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary code via the remove function of the MobaXterm MSI is spawning one Administrative cmd (conhost.exe) • https://gist.github.com/ahmedsherif/ad56cd3a9ef86cdc05175fb591804c64 https://mobaxterm.mobatek.net/download-home-edition.html •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. ... This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2024-9632 https://bugzilla.redhat.com/show_bug.cgi?id=2317233 https://access.redhat.com/errata/RHSA-2024:10090 https://access.redhat.com/errata/RHSA-2024:8798 https://access.redhat.com/errata/RHSA-2024:9540 https://access.redhat.com/errata/RHSA-2024:9579 https://access.redhat.com/errata/RHSA-2024:9601 https://access.redhat.com/errata/RHSA-2024:9690 https://access.redhat.com/errata/RHSA-2024:9816 https://access.redhat.com/e • CWE-122: Heap-based Buffer Overflow •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a bruteforce attack. • https://gist.github.com/stevenyu113228/e264c145d6e6e6b59cf53fddc27409ad#1--predictable-administrator-credentials-in-d-link-dsl6740c-modem https://www.dlink.com/en/security-bulletin • CWE-521: Weak Password Requirements •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

Insecure Permissions vulnerability in Ethereum v.1.12.2 allows a remote attacker to escalate privileges via the WaterToken Contract. • https://github.com/Wzy-source/Gala/blob/main/CVEs/WaterToken_0x8890963266f895aca11fbe4679a1f9cc472f6531.md • CWE-863: Incorrect Authorization •