CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-44893
https://notcve.org/view.php?id=CVE-2024-44893
An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request. • https://github.com/jeecgboot/JimuReport/issues/2904 • CWE-269: Improper Privilege Management •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-42759
https://notcve.org/view.php?id=CVE-2024-42759
An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint. • https://csflabs.github.io/cve/2024/09/06/cve-2024-42759-approval-of-your-own-ticket-with-BFLA.html https://ellevo.com • CWE-592: DEPRECATED: Authentication Bypass Issues •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40718
https://notcve.org/view.php?id=CVE-2024-40718
A server side request forgery vulnerability allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability. • https://www.veeam.com/kb4649 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40709
https://notcve.org/view.php?id=CVE-2024-40709
A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level. • https://www.veeam.com/kb4649 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40712
https://notcve.org/view.php?id=CVE-2024-40712
A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE). • https://www.veeam.com/kb4649 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •