CVE-2024-33267
https://notcve.org/view.php?id=CVE-2024-33267
SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent() function. • https://security.friendsofpresta.org/modules/2024/04/29/hfheropayment.html https://www.heropay.eu • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-33308
https://notcve.org/view.php?id=CVE-2024-33308
An issue in TVS Motor Company Limited TVS Connect Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. • https://github.com/aaravavi/TVS-Connect-Application-VAPT https://github.com/aaravavi/TVS-Connect-Application-VAPT/tree/main https://github.com/msn-official/CVE-Evidence • CWE-269: Improper Privilege Management •
CVE-2024-33275
https://notcve.org/view.php?id=CVE-2024-33275
SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php component. • https://security.friendsofpresta.org/modules/2024/04/29/supernewsletter.html https://www.webbax.ch/2017/08/30/9-modules-prestashop-gratuits-offert-par-webbax • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-33273
https://notcve.org/view.php?id=CVE-2024-33273
SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function. • https://security.friendsofpresta.org/modules/2024/04/29/shipup.html https://www.shipup.co/fr • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-34011
https://notcve.org/view.php?id=CVE-2024-34011
Local privilege escalation due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-7171 • CWE-276: Incorrect Default Permissions •