Page 86 of 3512 results (0.413 seconds)

CVSS: 4.7EPSS: 0%CPEs: -EXPL: 0

An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attacker to escalate privileges via the Session Expiration component. • https://gist.github.com/menghaining/8d424faebfe869c80eadaea12bbdd158 https://github.com/flipped-aurora/gin-vue-admin/issues/1324 https://github.com/menghaining/PoC/blob/main/gin-vue-admin/gin-vue-admin--PoC.md • CWE-266: Incorrect Privilege Assignment •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function. • https://1drv.ms/v/s%21AmTWEcd1YDpUjgoJ8lkA8pN8zYEJ?e=gIlbGf https://gist.github.com/menghaining/8d424faebfe869c80eadaea12bbdd158 https://github.com/menghaining/PoC/blob/main/PublicCMS/publishCMS--PoC.md • CWE-284: Improper Access Control •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges. • https://support.lenovo.com/us/en/product_security/LEN-132277 • CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1

Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string. La denegación de servicio de expresión regular en Pydanic &lt; 2.4.0, &lt; 1.10.13 permite a atacantes remotos provocar denegación de servicio a través de una cadena de correo electrónico manipulada. A flaw was found in Pydantic, where it did not properly validate regular expressions containing white spaces. This flaw allows remote users to cause a denial of service attack via a crafted email string. • https://github.com/carsonchan12345/CVE-2024-37726-MSI-Center-Local-Privilege-Escalation https://github.com/pydantic/pydantic/pull/7360 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JBZLMSH4GAZOVBMT2JUO2LXHY7M2ALI https://access.redhat.com/security/cve/CVE-2024-3772 https://bugzilla.redhat.com/show_bug.cgi? • CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php. • https://github.com/xuanluansec/vul/blob/main/vul/2/README-SQL-2.md https://github.com/xuanluansec/vul/issues/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •