CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31759
https://notcve.org/view.php?id=CVE-2024-31759
An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function. • https://1drv.ms/v/s%21AmTWEcd1YDpUjgoJ8lkA8pN8zYEJ?e=gIlbGf https://gist.github.com/menghaining/8d424faebfe869c80eadaea12bbdd158 https://github.com/menghaining/PoC/blob/main/PublicCMS/publishCMS--PoC.md • CWE-284: Improper Access Control •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23593
https://notcve.org/view.php?id=CVE-2024-23593
A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges. • https://support.lenovo.com/us/en/product_security/LEN-132277 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2024-3772 – Regular expression denial of service in Pydantic < 2.4.0
https://notcve.org/view.php?id=CVE-2024-3772
Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string. La denegación de servicio de expresión regular en Pydanic < 2.4.0, < 1.10.13 permite a atacantes remotos provocar denegación de servicio a través de una cadena de correo electrónico manipulada. A flaw was found in Pydantic, where it did not properly validate regular expressions containing white spaces. This flaw allows remote users to cause a denial of service attack via a crafted email string. • https://github.com/carsonchan12345/CVE-2024-37726-MSI-Center-Local-Privilege-Escalation https://github.com/pydantic/pydantic/pull/7360 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JBZLMSH4GAZOVBMT2JUO2LXHY7M2ALI https://access.redhat.com/security/cve/CVE-2024-3772 https://bugzilla.redhat.com/show_bug.cgi? • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28557
https://notcve.org/view.php?id=CVE-2024-28557
SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php. • https://github.com/xuanluansec/vul/blob/main/vul/2/README-SQL-2.md https://github.com/xuanluansec/vul/issues/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-32488
https://notcve.org/view.php?id=CVE-2024-32488
In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during update checks because weak permissions on the update-service folder allow attackers to place crafted DLL files there. • https://www.foxit.com/support/security-bulletins.html • CWE-280: Improper Handling of Insufficient Permissions or Privileges •