CVE-2023-41099
https://notcve.org/view.php?id=CVE-2023-41099
In the Windows installer in Atos Eviden CardOS API before 5.5.5.2811, Local Privilege Escalation can occur. • https://support.bull.com/ols/product/security/psirt/security-bulletins/cardos-api-local-privilege-escalation-psirt-358-tlp-clear-version-2-6-cve-2023-41099/view • CWE-269: Improper Privilege Management
CVE-2024-28560
https://notcve.org/view.php?id=CVE-2024-28560
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component. • https://chiggerlor.substack.com/p/cve-2024-28560-cve-2024-28559 https://gitee.com/niushop-team/niushop_b2c_v5 https://v5.niuteam.cn https://www.niushop.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-28559
https://notcve.org/view.php?id=CVE-2024-28559
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component. • https://chiggerlor.substack.com/p/cve-2024-28560-cve-2024-28559 https://gitee.com/niushop-team/niushop_b2c_v5 https://v5.niuteam.cn https://www.niushop.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-29866
https://notcve.org/view.php?id=CVE-2024-29866
Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or Organization Owner can escalate to System privileges. • https://datalust.co https://github.com/datalust/seq-tickets/issues/2127 • CWE-284: Improper Access Control
CVE-2024-22078
https://notcve.org/view.php?id=CVE-2024-22078
This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges. • https://www.elspec-ltd.com/support/security-advisories • CWE-280: Improper Handling of Insufficient Permissions or Privileges