CVE-2024-37859 – Lost and Found Information System 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-37859
13 Jun 2024 — Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php. • https://packetstorm.news/files/id/179081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-36587
https://notcve.org/view.php?id=CVE-2024-36587
13 Jun 2024 — Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy. • https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36587.md • CWE-266: Incorrect Privilege Assignment •
CVE-2024-36586
https://notcve.org/view.php?id=CVE-2024-36586
13 Jun 2024 — An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary. • https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36586.md • CWE-269: Improper Privilege Management •
CVE-2024-37856 – Lost and Found Information System 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-37856
13 Jun 2024 — Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page. • https://packetstorm.news/files/id/179078 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-37858 – Lost and Found Information System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2024-37858
13 Jun 2024 — SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php. • https://packetstorm.news/files/id/179079 • CWE-269: Improper Privilege Management •
CVE-2024-30376 – Famatech Advanced IP Scanner Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-30376
13 Jun 2024 — Famatech Advanced IP Scanner Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Famatech Advanced IP Scanner. ... An attacker can leverage this vulnerability to escalate privileges
CVE-2024-5907 – Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability
https://notcve.org/view.php?id=CVE-2024-5907
12 Jun 2024 — A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit. • https://security.paloaltonetworks.com/CVE-2024-5907 • CWE-269: Improper Privilege Management •
CVE-2024-5742 – Nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file
https://notcve.org/view.php?id=CVE-2024-5742
12 Jun 2024 — A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink. ... It was discovered that nano allowed a possible privilege escalation through an insecure temporary file. If nano was killed while ed... • https://access.redhat.com/security/cve/CVE-2024-5742 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVE-2024-37665
https://notcve.org/view.php?id=CVE-2024-37665
12 Jun 2024 — An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request. • https://github.com/648540858/wvp-GB28181-pro • CWE-269: Improper Privilege Management •
CVE-2024-30089 – Microsoft Streaming Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-30089
11 Jun 2024 — Microsoft Streaming Service Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30089 • CWE-416: Use After Free •