CVE-2024-28388
https://notcve.org/view.php?id=CVE-2024-28388
14 Mar 2024 — SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method. • https://security.friendsofpresta.org/modules/2024/03/12/stproductcomments.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-28391
https://notcve.org/view.php?id=CVE-2024-28391
14 Mar 2024 — SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku methods. • https://security.friendsofpresta.org/modules/2024/03/12/quickproducttable.html • CWE-269: Improper Privilege Management
CVE-2024-2432 – GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
https://notcve.org/view.php?id=CVE-2024-2432
13 Mar 2024 — A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. • https://github.com/Hagrid29/CVE-2024-2432-PaloAlto-GlobalProtect-EoP • CWE-269: Improper Privilege Management
CVE-2024-26199 – Microsoft Office Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-26199
12 Mar 2024 — Microsoft Office Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Office. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26199 • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2024-26002 – PHOENIX CONTACT: File ownership manipulation in CHARX Series
https://notcve.org/view.php?id=CVE-2024-26002
12 Mar 2024 — An improper input validation in the Qualcom plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific files. This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices... • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-20: Improper Input Validation
CVE-2024-25999 – PHOENIX CONTACT: Privilege escalation in the OCPP agent service
https://notcve.org/view.php?id=CVE-2024-25999
12 Mar 2024 — An unauthenticated local attacker can perform a privilege escalation due to improper input validation in the OCPP agent service. This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 charging controllers. ... An attacker can levera... • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-20: Improper Input Validation
CVE-2024-26521
https://notcve.org/view.php?id=CVE-2024-26521
12 Mar 2024 — HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component. • https://github.com/hackervegas001/CVE-2024-26521 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-27236
https://notcve.org/view.php?id=CVE-2024-27236
11 Mar 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. ... • https://source.android.com/security/bulletin/pixel/2024-03-01 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-27233
https://notcve.org/view.php?id=CVE-2024-27233
11 Mar 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. ... • https://source.android.com/security/bulletin/pixel/2024-03-01 • CWE-269: Improper Privilege Management
CVE-2024-27226
https://notcve.org/view.php?id=CVE-2024-27226
11 Mar 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. ... • https://source.android.com/security/bulletin/pixel/2024-03-01 • CWE-787: Out-of-bounds Write