
CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

SQL Injection vulnerability in SourceCodester Petrol pump management software v1.0 allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to admin/app/web_crud.php. • https://github.com/xuanluansec/vul/blob/main/vul/sql/sql-3.md https://github.com/xuanluansec/vul/issues/3#issue-2243633522 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.3 • EPSS: 0% • CPEs: - • EXPL: 1

SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via a crafted payload to the resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints. • https://github.com/ally-petitt/CVE-2023-45503 https://docs.google.com/spreadsheets/d/1AzXspN8oBAJ80YQxfN44bpbOuNzA3PZEccQ6IGQMs5E/edit?usp=sharing https://github.com/ally-petitt/CVE-2023-45503?tab=readme-ov-file • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

This may lead to local privilege escalation. • https://github.com/netdata/netdata/pull/17377 https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93 • CWE-426: Untrusted Search Path •

CVSS: 0 • EPSS: 0% • CPEs: - • EXPL: 1

An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component. • https://www.exploit-db.com/exploits/51977 https://medium.com/%40kobbycyber/terratec-dmx-6fire-usb-unquoted-service-path-cve-2024-31804-70cced459202 https://www.ired.team/offensive-security/privilege-escalation/unquoted-service-paths • CWE-428: Unquoted Search Path or Element •

CVSS: 7.6 • EPSS: 0% • CPEs: - • EXPL: 1

An issue discovered in GNU Savane v.3.13 and before allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component. • https://github.com/ally-petitt/CVE-2024-29399 • CWE-94: Improper Control of Generation of Code ('Code Injection') •