CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2024-9525 – Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-9525
09 Jan 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the System Speedup Service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-54761
https://notcve.org/view.php?id=CVE-2024-54761
09 Jan 2025 — BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'dev_code' parameter. • https://github.com/nscan9/CVE-2024-54761-BigAnt-Office-Messenger-5.6.06-RCE-via-SQL-Injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-51229
https://notcve.org/view.php?id=CVE-2024-51229
09 Jan 2025 — Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 allows a remote attacker to execute arbitrary code via the theme management function. • https://gitee.com/LinZhaoguan/pb-cms/issues/IAYHUP • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9523 – Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-9523
09 Jan 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the System Speedup Service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53706 – SonicWALL NSv setSshdConfig Exposed Dangerous Function Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-53706
09 Jan 2025 — A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution. ... An attacker must first obtain the ability to execute low-privileged code on the target system or send a TCP packet to a local service in order to exploit this vulnerability. The specific flaw exists within the setSshdConfig command. ... An attacker can leverage this vulnerability to escalate... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-9524 – Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-9524
09 Jan 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the System Speedup Service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-55494
https://notcve.org/view.php?id=CVE-2024-55494
09 Jan 2025 — A PHP Code Injection vulnerability that can lead to Remote Code Execution (RCE) and XSS in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the op_func parameter at /occontrolpanel/index.php. • https://github.com/hassan-mohammed/security-findings/tree/main/CVEs/CVE-2024-55494 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-54887
https://notcve.org/view.php?id=CVE-2024-54887
09 Jan 2025 — This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user. • http://tp-link.com • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-55224
https://notcve.org/view.php?id=CVE-2024-55224
09 Jan 2025 — An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message. • https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53705 – SonicWALL NSv SSH Management Server-Side Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2024-53705
09 Jan 2025 — A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall. This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of SonicWALL NSv. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 • CWE-918: Server-Side Request Forgery (SSRF) •