CVE-2023-25493
https://notcve.org/view.php?id=CVE-2023-25493
A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-141775 • CWE-287: Improper Authentication • CWE-306: Missing Authentication for Critical Function
CVE-2024-30923 – DerbyNet 9.0 print/render/racer.inc SQL Injection
https://notcve.org/view.php?id=CVE-2024-30923
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering. DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/racer.inc. • https://chocapikk.com/posts/2024/derbynet-vulnerabilities • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-30922 – DerbyNet 9.0 print/render/award.inc SQL Injection
https://notcve.org/view.php?id=CVE-2024-30922
SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering. ... DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/award.inc. • https://chocapikk.com/posts/2024/derbynet-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-30928 – DerbyNet 9.0 ajax/query.slide.next.inc SQL Injection
https://notcve.org/view.php?id=CVE-2024-30928
SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via the 'classids' parameter in ajax/query.slide.next.inc. DerbyNet 9.0 suffers from a remote SQL injection vulnerability in ajax/query.slide.next.inc. • https://chocapikk.com/posts/2024/derbynet-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-30929 – DerbyNet 9.0 playlist.php Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-30929
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' parameter in playlist.php. DerbyNet version 9.0 suffers from a cross site scripting vulnerability in playlist.php. • https://chocapikk.com/posts/2024/derbynet-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')