CVSS: 8.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-36821
https://notcve.org/view.php?id=CVE-2024-36821
Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root. Permisos inseguros en Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 permite a los atacantes escalar privilegios de Invitado a raíz a través de un directory traversal. • https://github.com/IvanGlinkin/CVE-2024-36821 https://downloads.linksys.com/support/assets/releasenotes/WHW01_VLP01_1.1.13.202617_Customer_Release_Notes.txt • CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-34332
https://notcve.org/view.php?id=CVE-2024-34332
An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before allows an attacker to escalate privileges via a crafted buffer sent to the Kernel Driver using the DeviceIoControl Windows API. • https://belong2yourself.github.io/vulnerabilities/docs/SANDRA/Elevation-of-Privileges/readme • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-26507
https://notcve.org/view.php?id=CVE-2024-26507
An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileges via the DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages components. Un problema en FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 y anteriores permite a un atacante local escalar privilegios a través de la llamada DeviceIoControl asociada con los componentes MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPaggedPool o MmMapLockedPages. • https://belong2yourself.github.io/vulnerabilities/docs/AIDA/Elevation-of-Privileges/readme • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7261 – Google Chrome Updater DosDevices Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-7261
Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High) La implementación inadecuada en Google Updatetor anterior a la versión 1.3.36.351 en Google Chrome permitió a un atacante local realizar una escalada de privilegios a través de un archivo malicioso. (Severidad de seguridad de Chrome: alta) This vulnerability allows local attackers to escalate privileges on affected installations of Google Chrome. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://issues.chromium.org/issues/40064602 • CWE-233: Improper Handling of Parameters •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-3110 – Stored XSS leading to admin account takeover in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-3110
The attacker can then use this token to perform unauthorized actions, escalate privileges to admin, or directly take over the admin account. • https://github.com/mintplex-labs/anything-llm/commit/49f30e051c9f6e28977d57d0e5f49c1294094e41 https://huntr.com/bounties/c2895978-364d-412d-8825-c806606bcb85 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •