CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-3101 – Privilege Escalation via Improper Input Validation in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-3101
In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. • https://github.com/mintplex-labs/anything-llm/commit/52fac844221a9b951d08ceb93c4c014e9397b1f2 https://huntr.com/bounties/c114c03e-3348-450f-88f7-538502047bcc • CWE-20: Improper Input Validation •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31839 – CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution
https://notcve.org/view.php?id=CVE-2024-31839
Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. • https://blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents https://github.com/tiagorlampert/CHAOS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-24245
https://notcve.org/view.php?id=CVE-2024-24245
An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component. Un problema en Canimaan Software LTD ClamXAV v3.1.2 a v3.6.1 y solucionado en v.3.6.2 permite a un atacante local escalar privilegios a través del componente de herramienta auxiliar ClamXAV. • https://www.clamxav.com/version-history • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2024-26158 – Microsoft Install Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-26158
Microsoft Install Service Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26158 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.0EPSS: 0%CPEs: -EXPL: 1CVE-2024-27631
https://notcve.org/view.php?id=CVE-2024-27631
Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php Vulnerabilidad de Cross Site Request Forgery en GNU Savane v.3.12 y anteriores permite a un atacante remoto escalar privilegios a través de siteadmin/usergroup.php • https://github.com/ally-petitt/CVE-2024-27631 https://git.savannah.nongnu.org/cgit/administration/savane.git/commit/?h=i18n&id=d3962d3feb75467489b869204db98e2dffaaaf09 https://medium.com/%40allypetitt/how-i-found-3-cves-in-2-days-8a135eb924d3 • CWE-352: Cross-Site Request Forgery (CSRF) •