CVSS: 8.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-26566
https://notcve.org/view.php?id=CVE-2024-26566
An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component. • http://cute.com https://github.com/GZLDL/CVE/blob/main/CVE-2024-26566/CVE-2024-26566%20English.md https://github.com/GZLDL/CVE/tree/main/Cute%20Http%20File%20Server%20JWT • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 1CVE-2023-49982
https://notcve.org/view.php?id=CVE-2023-49982
Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts. • https://github.com/geraldoalcantara/CVE-2023-49982 https://www.sourcecodester.com/php/15697/school-fees-management-system-project-php-and-codeigniter-free-source-code.html • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-27764
https://notcve.org/view.php?id=CVE-2024-27764
An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component. • https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90 • CWE-27: Path Traversal: 'dir/../../filename' •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-43318 – TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-43318
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests. • https://github.com/str2ver/CVE-2023-43318 https://github.com/str2ver/CVE-2023-43318/tree/main https://seclists.org/fulldisclosure/2024/Mar/9 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-27718
https://notcve.org/view.php?id=CVE-2024-27718
SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component. • https://github.com/tldjgggg/cve/blob/main/sql.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •