CVE-2024-28559
https://notcve.org/view.php?id=CVE-2024-28559
22 Mar 2024 — SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component. • https://chiggerlor.substack.com/p/cve-2024-28560-cve-2024-28559 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-28392
https://notcve.org/view.php?id=CVE-2024-28392
20 Mar 2024 — SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to escalate privileges via the pscartabandonmentproFrontCAPUnsubscribeJobModuleFrontController::setEmailVisualized() method. • https://addons.prestashop.com/en/remarketing-shopping-cart-abandonment/16535-abandoned-cart-reminder-pro.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-28395
https://notcve.org/view.php?id=CVE-2024-28395
20 Mar 2024 — SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and before allows a remote attacker to escalate privileges via the bestkit_popup.php component. • https://addons.prestashop.com/en/pop-up/20208-pop-up-schedule-popup-splash-window.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-48902 – Tramyardg Autoexpress 1.3.0 Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-48902
19 Mar 2024 — An issue discovered in tramyardg autoexpress version 1.3.0 allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php. • https://packetstorm.news/files/id/177661 • CWE-269: Improper Privilege Management •
CVE-2024-2390 – Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-2390
18 Mar 2024 — This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges. • https://www.tenable.com/security/tns-2024-05 • CWE-269: Improper Privilege Management •
CVE-2024-25227
https://notcve.org/view.php?id=CVE-2024-25227
15 Mar 2024 — SQL injection vulnerability in ABO.CMS version 5.8 allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in the admin login page. • https://github.com/thetrueartist/ABO.CMS-EXPLOIT-Unauthenticated-Login-Bypass-CVE-2024-25227 •
CVE-2023-22655 – kernel: local privilege escalation on Intel microcode on Intel(R) Xeon(R)
https://notcve.org/view.php?id=CVE-2023-22655
14 Mar 2024 — Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-50677
https://notcve.org/view.php?id=CVE-2023-50677
14 Mar 2024 — An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component. • https://gist.github.com/DMIND-NLL/b61b8d8d20271adf60fc717b3b48faff • CWE-269: Improper Privilege Management •
CVE-2024-06070 – Checkmk Agent 2.0.0 / 2.1.0 / 2.2.0 Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-06070
14 Mar 2024 — Checkmk Agent versions 2.0.0, 2.1.0, and 2.2.0 suffer from a local privilege escalation vulnerability. • https://packetstorm.news/files/id/177606 •
CVE-2024-28390
https://notcve.org/view.php?id=CVE-2024-28390
14 Mar 2024 — An issue in the Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01 allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control. • https://security.friendsofpresta.org/modules/2024/03/12/ultimateimagetool.html • CWE-284: Improper Access Control •