CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28388
https://notcve.org/view.php?id=CVE-2024-28388
SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method. • https://security.friendsofpresta.org/modules/2024/03/12/stproductcomments.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28390
https://notcve.org/view.php?id=CVE-2024-28390
An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control. • https://security.friendsofpresta.org/modules/2024/03/12/ultimateimagetool.html • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-50677
https://notcve.org/view.php?id=CVE-2023-50677
An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component. • https://gist.github.com/DMIND-NLL/b61b8d8d20271adf60fc717b3b48faff • CWE-269: Improper Privilege Management •
CVSS: 4.5EPSS: 0%CPEs: 4EXPL: 1CVE-2024-2432 – GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
https://notcve.org/view.php?id=CVE-2024-2432
A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. Una vulnerabilidad de escalada de privilegios (PE) en la aplicación Palo Alto Networks GlobalProtect en dispositivos Windows permite a un usuario local ejecutar programas con privilegios elevados. Sin embargo, la ejecución requiere que el usuario local pueda aprovechar con éxito una condición de ejecución. • https://github.com/Hagrid29/CVE-2024-2432-PaloAlto-GlobalProtect-EoP https://security.paloaltonetworks.com/CVE-2024-2432 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-26199 – Microsoft Office Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-26199
Microsoft Office Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios de Microsoft Office This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Office. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26199 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •