CVE-2023-36345
https://notcve.org/view.php?id=CVE-2023-36345
A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges. • https://youtu.be/KxjsEqNWU9E https://yuyudhn.github.io/pos-codekop-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-3256 – Advantech R-SeeNet External Control of File Name or Path
https://notcve.org/view.php?id=CVE-2023-3256
Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files. This vulnerability allows remote attackers to escalate privileges on affected installations of Advantech R-SeeNet. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-02 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CVE-2022-45287
https://notcve.org/view.php?id=CVE-2022-45287
An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary administrative commands. • http://cwx.com http://temenos.com https://github.com/WhiteBearVN/CWX-Registration-Broken-Access-Control/blob/main/README.md
CVE-2020-21252
https://notcve.org/view.php?id=CVE-2020-21252
Cross-Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter. • https://github.com/Neeke/HongCMS/issues/13 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-2847 – Local privilege escalation in ESET products for Linux and macOS
https://notcve.org/view.php?id=CVE-2023-2847
During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, improper privilege management made it possible for a user with lower privileges to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability. • https://support.eset.com/en/ca8447 • CWE-269: Improper Privilege Management