CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-37769
https://notcve.org/view.php?id=CVE-2024-37769
05 Jul 2024 — Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request. • https://github.com/b1ackc4t/14Finger/issues/12 • CWE-278: Insecure Preserved Inherited Permissions •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27710
https://notcve.org/view.php?id=CVE-2024-27710
05 Jul 2024 — An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the authentication mechanism. • https://blog.be-hacktive.com/eskooly-cve/eskooly-broken-authentication/cve-2024-27710-privilege-escalation-via-authentication-mechanism-in-eskooly-web-product-less-than-v3 • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27711
https://notcve.org/view.php?id=CVE-2024-27711
05 Jul 2024 — An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the Sin-up process function in the account settings. • https://blog.be-hacktive.com/eskooly-cve/eskooly-broken-authentication/cve-2024-27711-user-enumeration-via-sign-up-process-in-eskooly-web-product-less-than-v3.0 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27712
https://notcve.org/view.php?id=CVE-2024-27712
05 Jul 2024 — An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the User Account Mangemnt component in the authentication mechanism. • https://blog.be-hacktive.com/eskooly-cve/eskooly-broken-authentication/cve-2024-27712-user-enumeration-via-account-settings-in-eskooly-web-product-less-than-v3.0 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27713
https://notcve.org/view.php?id=CVE-2024-27713
05 Jul 2024 — An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the HTTP Response Header Settings component. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27713-protection-mechanism-failure-in-eskooly-web-product-less-than-v3.0 • CWE-693: Protection Mechanism Failure •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27715
https://notcve.org/view.php?id=CVE-2024-27715
05 Jul 2024 — An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via a crafted request to the Password Change mechanism. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27715-inadequate-password-update-verification-in-eskooly-web-product-less-than-v3.0 • CWE-620: Unverified Password Change •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27717
https://notcve.org/view.php?id=CVE-2024-27717
05 Jul 2024 — Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27717-cross-site-request-forgery-csrf-in-eskooly-web-product-less-than-v3.0 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39934
https://notcve.org/view.php?id=CVE-2024-39934
04 Jul 2024 — Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment. • https://checkmk.com/werk/16434 • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-37726
https://notcve.org/view.php?id=CVE-2024-37726
03 Jul 2024 — ., Ltd MSI Center v.2.0.36.0 allows a local attacker to escalate privileges via the Export System Info function in MSI.CentralServer.exe • https://github.com/carsonchan12345/CVE-2024-37726-MSI-Center-Local-Privilege-Escalation • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 43EXPL: 0CVE-2024-22106
https://notcve.org/view.php?id=CVE-2024-22106
02 Jul 2024 — Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute arbitrary code, or cause a Denial of Service (DoS). • https://jungo.com/windriver/versions • CWE-269: Improper Privilege Management •