CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2023-27091
https://notcve.org/view.php?id=CVE-2023-27091
An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s). • https://gitee.com/xiaobingby/TeaCMS/issues/I6GDRU https://gitee.com/xiaobingby/TeaCMS/issues/I6SXAF • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26858
https://notcve.org/view.php?id=CVE-2023-26858
SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component. • https://addons.prestashop.com/en/faq-frequently-asked-questions/16036-frequently-asked-questions-faq-page.html https://friends-of-presta.github.io/security-advisories/modules/2023/03/28/faqs.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-47191 – Privilege Escalation via file upload vulnerability at Generex CS141
https://notcve.org/view.php?id=CVE-2022-47191
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges. • https://www.generex.de/support/changelogs/cs141/2-12 https://www.generex.de/support/changelogs/cs141/page:2 https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1393 – X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-1393
A Use-After-Free may lead to local privilege escalation. ... The Overlay Window use-after-free issue can lead to a local privilege escalation vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3502f61ca722a7a3373507e88ef64110 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPNQYHUI63DB5FHK6EOI3Z4C6YQZGZKI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3EVO3OQV6T4BSABWZ2TU3PY5TJTEQZ2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEHSYYFGBN3G4RS2HJXKQ5NBMOAZ5F2F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-41526 – MindManager Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-41526
MindManager suffers from a local privilege escalation vulnerability via MSI installer Repair Mode. • https://github.com/pawlokk/mindmanager-poc http://seclists.org/fulldisclosure/2024/Apr/24 https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md •