CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32330 – IBM Security Verify Access man in the middle
https://notcve.org/view.php?id=CVE-2023-32330
IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254977 https://www.ibm.com/support/pages/node/7106586 • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32328 – IBM Security Verify Access information disclosure
https://notcve.org/view.php?id=CVE-2023-32328
IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities. • https://exchange.xforce.ibmcloud.com/vulnerabilities/254657 https://www.ibm.com/support/pages/node/7106586 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24810 – WiX is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
https://notcve.org/view.php?id=CVE-2024-24810
The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. • https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5 • CWE-426: Untrusted Search Path •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46914
https://notcve.org/view.php?id=CVE-2023-46914
SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php. • https://security.friendsofpresta.org/modules/2024/02/06/bookingcalendar.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24303
https://notcve.org/view.php?id=CVE-2024-24303
SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1, allows remote attackers to escalate privileges and obtain sensitive information via the HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue() method. • https://security.friendsofpresta.org/modules/2024/02/06/hiadvancedgiftwrapping.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •