CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2378
https://notcve.org/view.php?id=CVE-2024-2378
30 Apr 2024 — If exploited an attacker could escalate privileges on af-fected installations. • https://github.com/HazardLab-IO/CVE-2024-23780 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33267
https://notcve.org/view.php?id=CVE-2024-33267
30 Apr 2024 — SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent() function. • https://security.friendsofpresta.org/modules/2024/04/29/hfheropayment.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33273
https://notcve.org/view.php?id=CVE-2024-33273
30 Apr 2024 — SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function. • https://security.friendsofpresta.org/modules/2024/04/29/shipup.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33275
https://notcve.org/view.php?id=CVE-2024-33275
30 Apr 2024 — SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components. • https://security.friendsofpresta.org/modules/2024/04/29/supernewsletter.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33308
https://notcve.org/view.php?id=CVE-2024-33308
30 Apr 2024 — An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. • https://github.com/aaravavi/TVS-Connect-Application-VAPT • CWE-269: Improper Privilege Management •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33465
https://notcve.org/view.php?id=CVE-2024-33465
30 Apr 2024 — Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the the thumb/thumb.php component. • https://hbzms.github.io • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34011
https://notcve.org/view.php?id=CVE-2024-34011
29 Apr 2024 — Local privilege escalation due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-7171 • CWE-276: Incorrect Default Permissions •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-34010
https://notcve.org/view.php?id=CVE-2024-34010
29 Apr 2024 — Local privilege escalation due to unquoted search path vulnerability. ... Local privilege escalation due to unquoted search path vulnerability. • https://security-advisory.acronis.com/advisories/SEC-7110 • CWE-428: Unquoted Search Path or Element •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33444
https://notcve.org/view.php?id=CVE-2024-33444
29 Apr 2024 — SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component. • https://gist.github.com/LioTree/1971a489dd5ff619b89e7a9e1da91152 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31502
https://notcve.org/view.php?id=CVE-2024-31502
26 Apr 2024 — An issue in Insurance Management System v.1.0.0 and before allows a remote attacker to escalate privileges via a crafted POST request to /admin/core/new_staff. • https://github.com/sahildari/cve/blob/master/CVE-2024-31502.md • CWE-269: Improper Privilege Management •