Page 109 of 3549 results (0.019 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component. • https://www.lmgsecurity.com/news/critical-software-vulnerabilities-impacting-credit-unions-discovered-by-lmg-security-researcher-immediate-action-recommended • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the login.php component. • https://www.lmgsecurity.com/news/critical-software-vulnerabilities-impacting-credit-unions-discovered-by-lmg-security-researcher-immediate-action-recommended • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0

Windows Kernel Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del kernel de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21371 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack. • https://cert-portal.siemens.com/productcert/html/ssa-543502.html • CWE-648: Incorrect Use of Privileged APIs •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM. • https://cert-portal.siemens.com/productcert/html/ssa-871717.html • CWE-276: Incorrect Default Permissions •