CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7261 – Google Chrome Updater DosDevices Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-7261
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update mechanism. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://issues.chromium.org/issues/40064602 • CWE-233: Improper Handling of Parameters •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-36774
https://notcve.org/view.php?id=CVE-2024-36774
An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://github.com/OoLs5/VulDiscovery/blob/main/poc.docx • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-36840 – Boelter Blue System Management 1.3 SQL Injection
https://notcve.org/view.php?id=CVE-2024-36840
SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php. ... Boelter Blue System Management version 1.3 suffers from a remote SQL injection vulnerability. • http://seclists.org/fulldisclosure/2024/Jun/0 https://infosec-db.github.io/CyberDepot/vuln_boelter_blue https://packetstormsecurity.com/files/178978/Boelter-Blue-System-Management-1.3-SQL-Injection.html https://play.google.com/store/apps/details?id=com.anchor5digital.anchor5adminapp&hl=en_US https://sploitus.com/exploit?id=PACKETSTORM:178978 https://vuldb.com/?id.267594 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-2359 – Improper Neutralization of Special Elements used in an OS Command in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-2359
A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. ... By changing the `host` setting to an attacker-controlled value, the restriction on the `/execute_code` endpoint can be bypassed, leading to remote code execution. • https://huntr.com/bounties/62144831-8d4b-4cf2-9737-5e559f7bc67e • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-2360 – Path Traversal leading to Remote Code Execution in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-2360
parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. An attacker can exploit this vulnerability by manipulating these settings to execute arbitrary code on the targeted server. • https://huntr.com/bounties/65d0ef59-a761-4bbd-86fa-dd8e8621082e • CWE-29: Path Traversal: '\..\filename' •