CVE-2024-31760
https://notcve.org/view.php?id=CVE-2024-31760
An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attacker to escalate privileges via the Session Expiration component. • https://gist.github.com/menghaining/8d424faebfe869c80eadaea12bbdd158 https://github.com/flipped-aurora/gin-vue-admin/issues/1324 https://github.com/menghaining/PoC/blob/main/gin-vue-admin/gin-vue-admin--PoC.md • CWE-266: Incorrect Privilege Assignment •
CVE-2024-31759
https://notcve.org/view.php?id=CVE-2024-31759
An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function. • https://1drv.ms/v/s%21AmTWEcd1YDpUjgoJ8lkA8pN8zYEJ?e=gIlbGf https://gist.github.com/menghaining/8d424faebfe869c80eadaea12bbdd158 https://github.com/menghaining/PoC/blob/main/PublicCMS/publishCMS--PoC.md • CWE-284: Improper Access Control •
CVE-2024-23593
https://notcve.org/view.php?id=CVE-2024-23593
A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges. • https://support.lenovo.com/us/en/product_security/LEN-132277 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVE-2024-3772 – Regular expression denial of service in Pydantic < 2.4.0
https://notcve.org/view.php?id=CVE-2024-3772
Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string. La denegación de servicio de expresión regular en Pydanic < 2.4.0, < 1.10.13 permite a atacantes remotos provocar denegación de servicio a través de una cadena de correo electrónico manipulada. A flaw was found in Pydantic, where it did not properly validate regular expressions containing white spaces. This flaw allows remote users to cause a denial of service attack via a crafted email string. • https://github.com/carsonchan12345/CVE-2024-37726-MSI-Center-Local-Privilege-Escalation https://github.com/pydantic/pydantic/pull/7360 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JBZLMSH4GAZOVBMT2JUO2LXHY7M2ALI https://access.redhat.com/security/cve/CVE-2024-3772 https://bugzilla.redhat.com/show_bug.cgi? • CWE-1333: Inefficient Regular Expression Complexity •
CVE-2024-28557
https://notcve.org/view.php?id=CVE-2024-28557
SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php. • https://github.com/xuanluansec/vul/blob/main/vul/2/README-SQL-2.md https://github.com/xuanluansec/vul/issues/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •