CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41602
https://notcve.org/view.php?id=CVE-2024-41602
Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL Vulnerabilidad de falsificación de solicitudes entre sitios en Spina CMS v.2.18.0 y anteriores permite a un atacante remoto escalar privilegios a través de una URL manipulada • https://github.com/topsky979/Security-Collections/tree/main/CVE-2024-41602 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30473
https://notcve.org/view.php?id=CVE-2024-30473
Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. • https://www.dell.com/support/kbdoc/en-us/000227051/dsa-2024-239-security-update-dell-ecs-3-8-1-1-for-multiple-security-vulnerabilities • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34013
https://notcve.org/view.php?id=CVE-2024-34013
Local privilege escalation due to OS command injection vulnerability. • https://security-advisory.acronis.com/advisories/SEC-7035 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21164 – Oracle VirtualBox EHCI USB Controller Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21164
This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpujul2024.html •
CVSS: 9.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-40505
https://notcve.org/view.php?id=CVE-2024-40505
Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component. La vulnerabilidad de Directory Traversal en el firmware D-Link DAP-1650 v.1.03 permite a un atacante local escalar privilegios a través del componente hedwig.cgi. • https://coldwx.github.io/CVE-2024-40505.html https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10266 • CWE-35: Path Traversal: ' •