CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45503
https://notcve.org/view.php?id=CVE-2023-45503
15 Apr 2024 — SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload to resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints. • https://github.com/ally-petitt/CVE-2023-45503 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-32488
https://notcve.org/view.php?id=CVE-2024-32488
15 Apr 2024 — In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during update checks because weak permissions on the update-service folder allow attackers to place crafted DLL files there. • https://www.foxit.com/support/security-bulletins.html • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-32019 – ndsudo: local privilege escalation via untrusted search path
https://notcve.org/view.php?id=CVE-2024-32019
12 Apr 2024 — This may lead to local privilege escalation. • https://github.com/netdata/netdata/pull/17377 • CWE-426: Untrusted Search Path •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-31804 – Terratec dmx_6fire USB - Unquoted Service Path
https://notcve.org/view.php?id=CVE-2024-31804
12 Apr 2024 — An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component. • https://www.exploit-db.com/exploits/51977 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.6EPSS: 0%CPEs: -EXPL: 1CVE-2024-29399
https://notcve.org/view.php?id=CVE-2024-29399
11 Apr 2024 — An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component. • https://github.com/ally-petitt/CVE-2024-29399 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3101 – Privilege Escalation via Improper Input Validation in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-3101
10 Apr 2024 — In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. • https://github.com/mintplex-labs/anything-llm/commit/52fac844221a9b951d08ceb93c4c014e9397b1f2 • CWE-20: Improper Input Validation •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31839 – CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution
https://notcve.org/view.php?id=CVE-2024-31839
10 Apr 2024 — Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. • https://blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24245
https://notcve.org/view.php?id=CVE-2024-24245
09 Apr 2024 — An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component. • https://www.clamxav.com/version-history • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2024-26158 – Microsoft Install Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-26158
09 Apr 2024 — Microsoft Install Service Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26158 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27488
https://notcve.org/view.php?id=CVE-2024-27488
08 Apr 2024 — Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. • https://gist.github.com/tr4pmaker/44442d6f068458175213f4ba71da1312 • CWE-259: Use of Hard-coded Password •