CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28115 – Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled
https://notcve.org/view.php?id=CVE-2024-28115
FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. • https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2 https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 1CVE-2023-51281
https://notcve.org/view.php?id=CVE-2023-51281
Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters. • https://github.com/geraldoalcantara/CVE-2023-51281 https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-26566
https://notcve.org/view.php?id=CVE-2024-26566
An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component. • http://cute.com https://github.com/GZLDL/CVE/blob/main/CVE-2024-26566/CVE-2024-26566%20English.md https://github.com/GZLDL/CVE/tree/main/Cute%20Http%20File%20Server%20JWT • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2023-51786
https://notcve.org/view.php?id=CVE-2023-51786
An issue was discovered in Lustre versions 2.13.x, 2.14.x, and 2.15.x before 2.15.4, allows attackers to escalate privileges and obtain sensitive information via Incorrect Access Control. • http://lists.lustre.org/pipermail/lustre-announce-lustre.org/2024/000270.html http://www.openwall.com/lists/oss-security/2024/03/12/2 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 1CVE-2023-49982
https://notcve.org/view.php?id=CVE-2023-49982
Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts. • https://github.com/geraldoalcantara/CVE-2023-49982 https://www.sourcecodester.com/php/15697/school-fees-management-system-project-php-and-codeigniter-free-source-code.html • CWE-863: Incorrect Authorization •