CVE-2024-26521
https://notcve.org/view.php?id=CVE-2024-26521
12 Mar 2024 — HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component. • https://github.com/hackervegas001/CVE-2024-26521 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-0670 – Privilege escalation in windows agent
https://notcve.org/view.php?id=CVE-2024-0670
11 Mar 2024 — Privilege escalation in the Windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows a local user to escalate privileges. • http://seclists.org/fulldisclosure/2024/Mar/29 • CWE-427: Uncontrolled Search Path Element •
CVE-2023-49340
https://notcve.org/view.php?id=CVE-2023-49340
09 Mar 2024 — An issue discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011 allows remote attackers to escalate privileges and bypass authentication via incorrect access control in the web management portal. • https://github.com/n0obit4/Vulnerability_Disclosure/tree/main/CVE-2023-49340 • CWE-287: Improper Authentication • CWE-1390: Weak Authentication •
CVE-2023-50015
https://notcve.org/view.php?id=CVE-2023-50015
09 Mar 2024 — An issue discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13 allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token. • https://github.com/n0obit4/Vulnerability_Disclosure/tree/main/CVE-2023-50015 • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-28115 – Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled
https://notcve.org/view.php?id=CVE-2024-28115
07 Mar 2024 — FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. • https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2 • CWE-284: Improper Access Control •
CVE-2024-26566
https://notcve.org/view.php?id=CVE-2024-26566
07 Mar 2024 — An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component. • http://cute.com • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2023-51281
https://notcve.org/view.php?id=CVE-2023-51281
07 Mar 2024 — Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script in the "firstname", "lastname", "middlename", "contact" and "address" parameters. • https://github.com/geraldoalcantara/CVE-2023-51281 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-51786
https://notcve.org/view.php?id=CVE-2023-51786
07 Mar 2024 — An issue discovered in Lustre versions 2.13.x, 2.14.x, and 2.15.x before 2.15.4 allows attackers to escalate privileges and obtain sensitive information via incorrect access control. • http://lists.lustre.org/pipermail/lustre-announce-lustre.org/2024/000270.html • CWE-284: Improper Access Control •
CVE-2023-49982
https://notcve.org/view.php?id=CVE-2023-49982
06 Mar 2024 — Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform administrative actions, including adding and deleting user accounts. • https://github.com/geraldoalcantara/CVE-2023-49982 • CWE-863: Incorrect Authorization •
CVE-2024-27764
https://notcve.org/view.php?id=CVE-2024-27764
05 Mar 2024 — An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component. • https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90 • CWE-27: Path Traversal: 'dir/../../filename' •