CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21112 – Oracle VirtualBox AHCI Controller Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21112
16 Apr 2024 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpuapr2024.html •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21110 – Oracle VirtualBox Guest Additions Improper Access Control Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-21110
16 Apr 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root on the target guest system. • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31759
https://notcve.org/view.php?id=CVE-2024-31759
16 Apr 2024 — An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function. • https://1drv.ms/v/s%21AmTWEcd1YDpUjgoJ8lkA8pN8zYEJ?e=gIlbGf • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31760
https://notcve.org/view.php?id=CVE-2024-31760
16 Apr 2024 — An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attacker to escalate privileges via the Session Expiration component. • https://gist.github.com/menghaining/8d424faebfe869c80eadaea12bbdd158 • CWE-266: Incorrect Privilege Assignment •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23593
https://notcve.org/view.php?id=CVE-2024-23593
15 Apr 2024 — A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges. Se informó una vulnerabilidad en un gestor de arranque de recuperación del sistema que formaba parte de los sistemas operativos Windows 7 y 8 precargados de Lenovo de 2012 a 2014 que podría permitir a un atacante privilegiado con a... • https://support.lenovo.com/us/en/product_security/LEN-132277 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2024-3772 – Regular expression denial of service in Pydantic < 2.4.0
https://notcve.org/view.php?id=CVE-2024-3772
15 Apr 2024 — Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string. La denegación de servicio de expresión regular en Pydanic < 2.4.0, < 1.10.13 permite a atacantes remotos provocar denegación de servicio a través de una cadena de correo electrónico manipulada. A flaw was found in Pydantic, where it did not properly validate regular expressions containing white spaces. This flaw allows remote users to cause a denial of servi... • https://github.com/carsonchan12345/CVE-2024-37726-MSI-Center-Local-Privilege-Escalation • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28556
https://notcve.org/view.php?id=CVE-2024-28556
15 Apr 2024 — SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin-manage-user.php. • https://github.com/xuanluansec/vul/blob/main/vul/1/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28557
https://notcve.org/view.php?id=CVE-2024-28557
15 Apr 2024 — SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php. • https://github.com/xuanluansec/vul/blob/main/vul/2/README-SQL-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-32488
https://notcve.org/view.php?id=CVE-2024-32488
15 Apr 2024 — In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during update checks because weak permissions on the update-service folder allow attackers to place crafted DLL files there. • https://www.foxit.com/support/security-bulletins.html • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28558
https://notcve.org/view.php?id=CVE-2024-28558
15 Apr 2024 — SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin/app/web_crud.php. • https://github.com/xuanluansec/vul/blob/main/vul/sql/sql-3.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •