CVE-2024-23537 – Apache Fineract: Under certain circumstances, this vulnerability allowed users, without specific permissions, to escalate their privileges to any role.
https://notcve.org/view.php?id=CVE-2024-23537
Improper Privilege Management vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.9.0, which fixes the issue. • http://www.openwall.com/lists/oss-security/2024/03/29/1 https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report https://lists.apache.org/thread/fq1ns4nprw2vqpkwwj9sw45jkwxmt9f1 • CWE-269: Improper Privilege Management •
CVE-2024-29667
https://notcve.org/view.php?id=CVE-2024-29667
., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids parameter. • https://github.com/whgojp/cve-reports/wiki/CMSV6-vehicle-monitoring-platform-system-SQL-injection • CWE-269: Improper Privilege Management •
CVE-2024-30542 – WordPress WholesaleX plugin <= 1.3.2 - Unauthenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-30542
This makes it possible for unauthenticated attackers to escalate their privileges. • https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-2-unauthenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management •
CVE-2023-52628 – netfilter: nftables: exthdr: fix 4-byte stack OOB write
https://notcve.org/view.php?id=CVE-2023-52628
This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://git.kernel.org/stable/c/49499c3e6e18b7677a63316f3ff54a16533dc28f https://git.kernel.org/stable/c/28a97c43c9e32f437ebb8d6126f9bb7f3ca9521a https://git.kernel.org/stable/c/cf39c4f77a773a547ac2bcf30ecdd303bb0c80cb https://git.kernel.org/stable/c/a7d86a77c33ba1c357a7504341172cc1507f0698 https://git.kernel.org/stable/c/1ad7b189cc1411048434e8595ffcbe7873b71082 https://git.kernel.org/stable/c/d9ebfc0f21377690837ebbd119e679243e0099cc https://git.kernel.org/stable/c/c8f292322ff16b9a2272a67de396c09a50e09dce https://git.kernel.org/stable/c/fd94d9dadee58e09b49075240fe83423e • CWE-787: Out-of-bounds Write •
CVE-2024-23482 – ZScalerService Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-23482
The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. • https://help.zscaler.com/client-connector/client-connector-app-release-summary-2024 • CWE-20: Improper Input Validation •