Page 76 of 3053 results (0.127 seconds)

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1

An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet. • https://github.com/Neo-XeD/CVE-2024-33775 https://www.nagios.com/changelog/#nagios-xi • CWE-269: Improper Privilege Management •

CVSS: 8.0EPSS: 0%CPEs: -EXPL: 1

If exploited an attacker could escalate privileges on af-fected installations. • https://github.com/HazardLab-IO/CVE-2024-23780 https://publisher.hitachienergy.com/preview?DocumentId=8DBD000191&languageCode=en&Preview=true • CWE-863: Incorrect Authorization •

CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0

Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the the thumb/thumb.php component. • https://hbzms.github.io • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent() function. • https://security.friendsofpresta.org/modules/2024/04/29/hfheropayment.html https://www.heropay.eu • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0

An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. • https://github.com/aaravavi/TVS-Connect-Application-VAPT https://github.com/aaravavi/TVS-Connect-Application-VAPT/tree/main https://github.com/msn-official/CVE-Evidence • CWE-269: Improper Privilege Management •