CVE-2024-25421
https://notcve.org/view.php?id=CVE-2024-25421
26 Mar 2024 — An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component. • https://github.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/muc/spi/LocalMUCRoomManager.java • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-25420
https://notcve.org/view.php?id=CVE-2024-25420
26 Mar 2024 — An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component. • https://github.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/admin/AdminManager.java • CWE-273: Improper Check for Dropped Privileges •
CVE-2024-24892 – Unauthorized RCE in migration-tools
https://notcve.org/view.php?id=CVE-2024-24892
25 Mar 2024 — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files https://gitee.Com/openeuler/migration-tools/blob/master/index.Py. • https://gitee.com/src-openeuler/migration-tools/pulls/12 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • CWE-269: Improper Privilege Management •
CVE-2024-28421
https://notcve.org/view.php?id=CVE-2024-28421
25 Mar 2024 — SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php. • https://gist.github.com/LioTree/003202727a61c0fb3ec3c948ab5e38f9 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-28393
https://notcve.org/view.php?id=CVE-2024-28393
25 Mar 2024 — SQL injection vulnerability in scalapay v.1.2.41 and before allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess() method. • https://addons.prestashop.com/fr/paiement-en-plusieurs-fois/87023-scalapay-payez-en-3-fois-sans-frais.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-29666
https://notcve.org/view.php?id=CVE-2024-29666
25 Mar 2024 — Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component. • https://github.com/whgojp/cve-reports/wiki/There-is-a-weak-password-in-the-CMSV6-vehicle-monitoring-platform-system • CWE-1393: Use of Default Password •
CVE-2024-28824 – Privilege escalation in mk_informix plugin
https://notcve.org/view.php?id=CVE-2024-28824
22 Mar 2024 — Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. • https://checkmk.com/werk/16198 • CWE-272: Least Privilege Violation • CWE-807: Reliance on Untrusted Inputs in a Security Decision •
CVE-2024-0638 – Privilege escalation in mk_oracle plugins
https://notcve.org/view.php?id=CVE-2024-0638
22 Mar 2024 — Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. • https://checkmk.com/werk/16232 • CWE-272: Least Privilege Violation •
CVE-2024-28560
https://notcve.org/view.php?id=CVE-2024-28560
22 Mar 2024 — SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component. • https://chiggerlor.substack.com/p/cve-2024-28560-cve-2024-28559 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-41099
https://notcve.org/view.php?id=CVE-2023-41099
22 Mar 2024 — In the Windows installer in Atos Eviden CardOS API before 5.5.5.2811, Local Privilege Escalation can occur. • https://support.bull.com/ols/product/security/psirt/security-bulletins/cardos-api-local-privilege-escalation-psirt-358-tlp-clear-version-2-6-cve-2023-41099/view • CWE-269: Improper Privilege Management •