Page 21 of 5009 results (0.028 seconds)

CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0

An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint. • https://csflabs.github.io/cve/2024/09/06/cve-2024-42759-approval-of-your-own-ticket-with-BFLA.html https://ellevo.com • CWE-592: DEPRECATED: Authentication Bypass Issues •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

A server side request forgery vulnerability allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability. • https://www.veeam.com/kb4649 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE). • https://www.veeam.com/kb4649 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.0EPSS: 0%CPEs: -EXPL: 0

This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. • https://www.cirosec.de/sa/sa-2024-004 • CWE-427: Uncontrolled Search Path Element •