CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-48902 – Tramyardg Autoexpress 1.3.0 Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-48902
An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php. • https://packetstormsecurity.com/files/177661/Tramyardg-Autoexpress-1.3.0-Authentication-Bypass.html • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-2390 – Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-2390
This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges. • https://www.tenable.com/security/tns-2024-05 • CWE-269: Improper Privilege Management •
CVSS: -EPSS: 0%CPEs: -EXPL: 2CVE-2024-25227
https://notcve.org/view.php?id=CVE-2024-25227
SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in admin login page. • https://github.com/thetrueartist/ABO.CMS-EXPLOIT-Unauthenticated-Login-Bypass-CVE-2024-25227 https://github.com/thetrueartist/ABO.CMS-Login-SQLi-CVE-2024-25227 https://thetrueartist.wixsite.com/cveblog/post/understanding-the-potential-impact-of-cve-2024-25227-what-you-need-to-know-and-how-it-was-discovered •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-06070 – Checkmk Agent 2.0.0 / 2.1.0 / 2.2.0 Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-06070
Checkmk Agent versions 2.0.0, 2.1.0, and 2.2.0 suffer from a local privilege escalation vulnerability. •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28388
https://notcve.org/view.php?id=CVE-2024-28388
SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method. • https://security.friendsofpresta.org/modules/2024/03/12/stproductcomments.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •