Page 88 of 3547 results (0.225 seconds)

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during update checks because weak permissions on the update-service folder allow attackers to place crafted DLL files there. • https://www.foxit.com/support/security-bulletins.html • CWE-280: Improper Handling of Insufficient Permissions or Privileges

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin-manage-user.php. • https://github.com/xuanluansec/vul/blob/main/vul/1/README.md https://github.com/xuanluansec/vul/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin/app/web_crud.php. • https://github.com/xuanluansec/vul/blob/main/vul/sql/sql-3.md https://github.com/xuanluansec/vul/issues/3#issue-2243633522 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1

SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload to resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints. • https://github.com/ally-petitt/CVE-2023-45503 https://docs.google.com/spreadsheets/d/1AzXspN8oBAJ80YQxfN44bpbOuNzA3PZEccQ6IGQMs5E/edit?usp=sharing https://github.com/ally-petitt/CVE-2023-45503?tab=readme-ov-file • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

This may lead to local privilege escalation. • https://github.com/netdata/netdata/pull/17377 https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93 • CWE-426: Untrusted Search Path •