
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in the admin.class.php component. • https://github.com/n0Sleeper/bosscmsVuln https://github.com/n0Sleeper/bosscmsVuln/issues/1 https://www.bosscms.net • CWE-863: Incorrect Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 6 • EXPL: 1

Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below, is vulnerable to a DLL hijacking/proxying vulnerability which, if exploited, could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system. • https://helpcenter.trendmicro.com/en-us/article/tmka-12134 https://helpcenter.trendmicro.com/ja-jp/article/tmka-12132 https://medium.com/@s1kr10s/av-when-a-friend-becomes-an-enemy-55f41aba42b1 • CWE-427: Uncontrolled Search Path Element

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

This issue may allow a local user to crash the system or potentially escalate their privileges on the system. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2024-0841 https://bugzilla.redhat.com/show_bug.cgi?id=2256490 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html • CWE-476: NULL Pointer Dereference

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component. • https://mechaneus.github.io/CVE-2023-48202.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1 allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component. • https://mechaneus.github.io/CVE-2023-48201.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')