CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-41099
https://notcve.org/view.php?id=CVE-2023-41099
In the Windows installer in Atos Eviden CardOS API before 5.5.5.2811, Local Privilege Escalation can occur. • https://support.bull.com/ols/product/security/psirt/security-bulletins/cardos-api-local-privilege-escalation-psirt-358-tlp-clear-version-2-6-cve-2023-41099/view • CWE-269: Improper Privilege Management •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-29866
https://notcve.org/view.php?id=CVE-2024-29866
Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or Organization Owner can escalate to System privileges. • https://datalust.co https://github.com/datalust/seq-tickets/issues/2127 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28395
https://notcve.org/view.php?id=CVE-2024-28395
SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and before allows a remote attacker to escalate privileges via the bestkit_popup.php component. • https://addons.prestashop.com/en/pop-up/20208-pop-up-schedule-popup-splash-window.html https://security.friendsofpresta.org/modules/2024/03/14/bestkit_popup.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-22078
https://notcve.org/view.php?id=CVE-2024-22078
This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges. • https://www.elspec-ltd.com/support/security-advisories • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28392
https://notcve.org/view.php?id=CVE-2024-28392
SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to escalate privileges via the pscartabandonmentproFrontCAPUnsubscribeJobModuleFrontController::setEmailVisualized() method. • https://addons.prestashop.com/en/remarketing-shopping-cart-abandonment/16535-abandoned-cart-reminder-pro.html https://security.friendsofpresta.org/modules/2024/03/14/pscartabandonmentpro.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •