CVE-2023-41929
https://notcve.org/view.php?id=CVE-2023-41929
A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows to exploit this vulnerability.) • https://semiconductor.samsung.com/support/quality-support/product-security-updates • CWE-427: Uncontrolled Search Path Element •
CVE-2021-26837
https://notcve.org/view.php?id=CVE-2021-26837
SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information. • https://community.helpsystems.com/knowledge-base/rjs/delivernow/overview https://susos.co/blog/f/cve-disclosure-sedric-louissaints-discovery-of-sql-injection-in • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-42359
https://notcve.org/view.php?id=CVE-2023-42359
SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php. • https://upbeat-washer-def.notion.site/Exam-Form-Submission-In-PHP-SQL-Injection-in-index-php-bd71962db712459488019d531ab2f6f2?pvs=4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-39612
https://notcve.org/view.php?id=CVE-2023-39612
A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL. • https://febin0x4e4a.wordpress.com/2023/09/15/xss-in-filebrowser-leads-to-admin-account-takeover-in-filebrowser https://github.com/filebrowser/filebrowser/commit/b508ac3d4f7f0f75d6b49c99bdc661a6d2173f30 https://github.com/filebrowser/filebrowser/issues/2570 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-32461
https://notcve.org/view.php?id=CVE-2023-32461
A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges. ... • https://www.dell.com/support/kbdoc/en-us/000216543/dsa-2023-292-security-update-for-dell-poweredge-server-bios-vulnerability • CWE-122: Heap-based Buffer Overflow •