CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-2390 – Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-2390
This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges. • https://www.tenable.com/security/tns-2024-05 • CWE-269: Improper Privilege Management •
CVSS: -EPSS: 0%CPEs: -EXPL: 2CVE-2024-25227
https://notcve.org/view.php?id=CVE-2024-25227
SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in admin login page. • https://github.com/thetrueartist/ABO.CMS-EXPLOIT-Unauthenticated-Login-Bypass-CVE-2024-25227 https://github.com/thetrueartist/ABO.CMS-Login-SQLi-CVE-2024-25227 https://thetrueartist.wixsite.com/cveblog/post/understanding-the-potential-impact-of-cve-2024-25227-what-you-need-to-know-and-how-it-was-discovered •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-06070 – Checkmk Agent 2.0.0 / 2.1.0 / 2.2.0 Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-06070
Checkmk Agent versions 2.0.0, 2.1.0, and 2.2.0 suffer from a local privilege escalation vulnerability. •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28391
https://notcve.org/view.php?id=CVE-2024-28391
SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku methods. • https://security.friendsofpresta.org/modules/2024/03/12/quickproducttable.html • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28388
https://notcve.org/view.php?id=CVE-2024-28388
SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method. • https://security.friendsofpresta.org/modules/2024/03/12/stproductcomments.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •