CVE-2023-45503
https://notcve.org/view.php?id=CVE-2023-45503
15 Apr 2024 — SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via a crafted payload to the resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints. • https://github.com/ally-petitt/CVE-2023-45503 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-32019 – ndsudo: local privilege escalation via untrusted search path
https://notcve.org/view.php?id=CVE-2024-32019
12 Apr 2024 — This may lead to local privilege escalation. • https://github.com/netdata/netdata/pull/17377 • CWE-426: Untrusted Search Path •
CVE-2024-31804 – Terratec dmx_6fire USB - Unquoted Service Path
https://notcve.org/view.php?id=CVE-2024-31804
12 Apr 2024 — An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component. • https://www.ired.team/offensive-security/privilege-escalation/unquoted-service-paths • CWE-428: Unquoted Search Path or Element •
CVE-2024-29399
https://notcve.org/view.php?id=CVE-2024-29399
11 Apr 2024 — An issue discovered in GNU Savane v.3.13 and before allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component. • https://github.com/ally-petitt/CVE-2024-29399 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-3101 – Privilege Escalation via Improper Input Validation in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-3101
10 Apr 2024 — In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. • https://github.com/mintplex-labs/anything-llm/commit/52fac844221a9b951d08ceb93c4c014e9397b1f2 • CWE-20: Improper Input Validation •
CVE-2024-31839 – CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution
https://notcve.org/view.php?id=CVE-2024-31839
10 Apr 2024 — Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. • https://packetstorm.news/files/id/178654 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-24245
https://notcve.org/view.php?id=CVE-2024-24245
09 Apr 2024 — An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component. • https://www.clamxav.com/version-history • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-26158 – Microsoft Install Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-26158
09 Apr 2024 — Microsoft Install Service Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26158 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2024-27631
https://notcve.org/view.php?id=CVE-2024-27631
08 Apr 2024 — Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php. • https://github.com/ally-petitt/CVE-2024-27631 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-27488
https://notcve.org/view.php?id=CVE-2024-27488
08 Apr 2024 — Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0 allows remote attackers to escalate privileges and obtain sensitive information. • https://gist.github.com/tr4pmaker/44442d6f068458175213f4ba71da1312 • CWE-259: Use of Hard-coded Password •