CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41807 – Linux Local Privilege Escalation Via GoTTY Page
https://notcve.org/view.php?id=CVE-2023-41807
This vulnerability allows a user to escalate permissions on the system shell. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-269: Improper Privilege Management •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48319 – WordPress Salon booking system plugin < 8.7 - Editor+ Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-48319
This makes it possible for authenticated attackers, with editor-level access and above, to escalate their privileges to that of an administrator. • https://patchstack.com/database/vulnerability/salon-booking-system/wordpress-salon-booking-system-plugin-8-7-editor-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37942 – APM Java Agent Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-37942
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. • https://discuss.elastic.co/t/apm-java-agent-security-update/291355 https://www.elastic.co/community/security • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5299 – Fuji Electric Tellus Lite V-Simulator Improper Access Control
https://notcve.org/view.php?id=CVE-2023-5299
This vulnerability allows local attackers to escalate privileges on affected installations of Fuji Electric Tellus Lite. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of any user of the software. • https://felib.fujielectric.co.jp/en/M10009/M20034/document_detail/c27d5b69-68ef-4af5-90ee-b5dab118f71a https://www.cisa.gov/news-events/ics-advisories/icsa-23-325-02 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47350
https://notcve.org/view.php?id=CVE-2023-47350
Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality. • https://github.com/SwiftyEdit/SwiftyEdit/commit/90a6f3df16cd1578b2827d7b2e073451f7ce4e47 https://mechaneus.github.io/CVE-2023-47350.html • CWE-352: Cross-Site Request Forgery (CSRF) •