CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27710
https://notcve.org/view.php?id=CVE-2024-27710
05 Jul 2024 — An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the authentication mechanism. • https://blog.be-hacktive.com/eskooly-cve/eskooly-broken-authentication/cve-2024-27710-privilege-escalation-via-authentication-mechanism-in-eskooly-web-product-less-than-v3 • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27711
https://notcve.org/view.php?id=CVE-2024-27711
05 Jul 2024 — An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the Sin-up process function in the account settings. • https://blog.be-hacktive.com/eskooly-cve/eskooly-broken-authentication/cve-2024-27711-user-enumeration-via-sign-up-process-in-eskooly-web-product-less-than-v3.0 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27712
https://notcve.org/view.php?id=CVE-2024-27712
05 Jul 2024 — An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the User Account Mangemnt component in the authentication mechanism. • https://blog.be-hacktive.com/eskooly-cve/eskooly-broken-authentication/cve-2024-27712-user-enumeration-via-account-settings-in-eskooly-web-product-less-than-v3.0 •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27715
https://notcve.org/view.php?id=CVE-2024-27715
05 Jul 2024 — An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via a crafted request to the Password Change mechanism. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27715-inadequate-password-update-verification-in-eskooly-web-product-less-than-v3.0 • CWE-620: Unverified Password Change •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27713
https://notcve.org/view.php?id=CVE-2024-27713
05 Jul 2024 — An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the HTTP Response Header Settings component. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27713-protection-mechanism-failure-in-eskooly-web-product-less-than-v3.0 • CWE-693: Protection Mechanism Failure •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-37769
https://notcve.org/view.php?id=CVE-2024-37769
05 Jul 2024 — Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request. • https://github.com/b1ackc4t/14Finger/issues/12 • CWE-278: Insecure Preserved Inherited Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39934
https://notcve.org/view.php?id=CVE-2024-39934
04 Jul 2024 — Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment. Robotmk anterior a 2.0.1 permite a un usuario local escalar privilegios (por ejemplo, a SYSTEM) si la configuración automatizada del entorno Python está habilitada, porque la función "uso de holoárbol compartido" permite a cualquier usuario editar cualq... • https://checkmk.com/werk/16434 • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-37726
https://notcve.org/view.php?id=CVE-2024-37726
03 Jul 2024 — ., Ltd MSI Center v.2.0.36.0 allows a local attacker to escalate privileges via the Export System Info function in MSI.CentralServer.exe • https://github.com/carsonchan12345/CVE-2024-37726-MSI-Center-Local-Privilege-Escalation • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2023-51776
https://notcve.org/view.php?id=CVE-2023-51776
02 Jul 2024 — Improper privilege management in Jungo WinDriver before 12.1.0 allows local attackers to escalate privileges and execute arbitrary code. • https://jungo.com/windriver/versions •
CVSS: 8.8EPSS: 0%CPEs: 43EXPL: 0CVE-2024-22106
https://notcve.org/view.php?id=CVE-2024-22106
02 Jul 2024 — Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute arbitrary code, or cause a Denial of Service (DoS). • https://jungo.com/windriver/versions • CWE-269: Improper Privilege Management •