CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46055
https://notcve.org/view.php?id=CVE-2023-46055
An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint. • https://gist.github.com/GroundCTL2MajorTom/eef0d55f5df77cc911d84392acdbf625 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46054
https://notcve.org/view.php?id=CVE-2023-46054
Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component. • https://github.com/aaanz/aaanz.github.io/blob/master/XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34045 – VMware Fusion installer local privilege escalation
https://notcve.org/view.php?id=CVE-2023-34045
VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. • https://www.vmware.com/security/advisories/VMSA-2023-0022.html •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34046 – VMware Fusion TOCTOU local privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-34046
A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. • https://www.vmware.com/security/advisories/VMSA-2023-0022.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27792
https://notcve.org/view.php?id=CVE-2023-27792
An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via lack of permissions applied to sub directories. • https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue • CWE-862: Missing Authorization •