CVE-2020-19279
https://notcve.org/view.php?id=CVE-2020-19279
Directory Traversal vulnerability found in B3log Wide allows an attacker to escalate privileges via symbolic links. • https://github.com/advisories/GHSA-g277-4m9p-49hv https://github.com/b3log/wide/issues/355 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-27091
https://notcve.org/view.php?id=CVE-2023-27091
An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s). • https://gitee.com/xiaobingby/TeaCMS/issues/I6GDRU https://gitee.com/xiaobingby/TeaCMS/issues/I6SXAF • CWE-287: Improper Authentication •
CVE-2021-28235 – etcd: Information disclosure via debug function
https://notcve.org/view.php?id=CVE-2021-28235
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. • http://etcd.com https://github.com/etcd-io/etcd https://github.com/etcd-io/etcd/pull/15648 https://github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj.png https://github.com/lucyxss/etcd-3.4.10-test/blob/master/temp4cj_2.png https://access.redhat.com/security/cve/CVE-2021-28235 https://bugzilla.redhat.com/show_bug.cgi?id=2184441 • CWE-287: Improper Authentication •
CVE-2023-26858
https://notcve.org/view.php?id=CVE-2023-26858
SQL injection vulnerability found in PrestaShop faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component. • https://addons.prestashop.com/en/faq-frequently-asked-questions/16036-frequently-asked-questions-faq-page.html https://friends-of-presta.github.io/security-advisories/modules/2023/03/28/faqs.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-47191 – Privilege Escalation via file upload vulnerability at Generex CS141
https://notcve.org/view.php?id=CVE-2022-47191
Generex UPS CS141 versions below 2.06 could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing the attacker to escalate privileges. • https://www.generex.de/support/changelogs/cs141/2-12 https://www.generex.de/support/changelogs/cs141/page:2 https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •