CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-28613
https://notcve.org/view.php?id=CVE-2024-28613
SQL Injection vulnerability in PHP Task Management System v.1.0 allows a remote attacker to escalate privileges and obtain sensitive information via the task_id parameter of the task-details.php, and edit-task.php component. • https://github.com/hakkitoklu/hunt/blob/main/PHP%20Task%20Management%20System/sqli.md https://www.sourcecodester.com/php/17217/employee-management-system-php-and-mysql-free-download.html •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32960 – WordPress Booking Ultra Pro plugin 1.1.12 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-32960
This makes it possible for authenticated attackers, with contributor-level access and above, to escalate their privileges. • https://patchstack.com/database/vulnerability/booking-ultra-pro/wordpress-booking-ultra-pro-plugin-1-1-12-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32656 – Ant Media Server vulnerable to local privilege escalation
https://notcve.org/view.php?id=CVE-2024-32656
A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. ... This vulnerability is nearly identical to the local privilege escalation vulnerability CVE-2023-26269 identified in Apache James. • https://github.com/ant-media/Ant-Media-Server/commit/9cb38500729e0ff302da0290b9cfe1ec4dd6c764 https://github.com/ant-media/Ant-Media-Server/security/advisories/GHSA-qwhw-hh9j-54f5 • CWE-862: Missing Authorization •
CVSS: 2.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-32405
https://notcve.org/view.php?id=CVE-2024-32405
Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function. • https://cxsecurity.com/issue/WLB-2024040051 https://packetstormsecurity.com/files/178101/Relate-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50260 – Wazuh's vulnerability in host_deny AR script allows arbitrary command execution
https://notcve.org/view.php?id=CVE-2023-50260
So, it can leads to LPE on server as root and RCE on agent as root. ... Por lo tanto, puede conducir a LPE en el servidor como raíz y a RCE en el agente como raíz. • https://github.com/wazuh/wazuh/security/advisories/GHSA-mjq2-xf8g-68vw • CWE-94: Improper Control of Generation of Code ('Code Injection') •