
CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

An issue in tramyardg autoexpress version 1.3.0 allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via an authentication bypass in uploadCarImages.php. • https://packetstormsecurity.com/files/177661/Tramyardg-Autoexpress-1.3.0-Authentication-Bypass.html • CWE-269: Improper Privilege Management

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges. • https://www.tenable.com/security/tns-2024-05 • CWE-269: Improper Privilege Management

CVSS: 6.4 • EPSS: 0% • CPEs: 5 • EXPL: 0

This flaw allows a local or remote user to crash or potentially escalate their privileges on the system. • https://git.kernel.org/stable/c/b57dc7c13ea90e09ae15f821d2583fa0231b4935 https://git.kernel.org/stable/c/172ba7d46c202e679f3ccb10264c67416aaeb1c4 https://git.kernel.org/stable/c/0b5b831122fc3789fff75be433ba3e4dd7b779d4 https://git.kernel.org/stable/c/73f7da5fd124f2cda9161e2e46114915e6e82e97 https://git.kernel.org/stable/c/f5346df0591d10bc948761ca854b1fae6d2ef441 https://git.kernel.org/stable/c/3f14b377d01d8357eba032b4cabc8c1149b458b6 https://access.redhat.com/security/cve/CVE-2023-52610 https://bugzilla.redhat.com/show_bug.cgi?id=2270080 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')

CVSS: - • EPSS: 0% • CPEs: - • EXPL: 2

A SQL injection vulnerability in ABO.CMS version 5.8 allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in the admin login page. • https://github.com/thetrueartist/ABO.CMS-EXPLOIT-Unauthenticated-Login-Bypass-CVE-2024-25227 https://github.com/thetrueartist/ABO.CMS-Login-SQLi-CVE-2024-25227 https://thetrueartist.wixsite.com/cveblog/post/understanding-the-potential-impact-of-cve-2024-25227-what-you-need-to-know-and-how-it-was-discovered

CVSS: 6.1 • EPSS: 0% • CPEs: - • EXPL: 0

This issue may allow a malicious actor to achieve local privilege escalation when using Intel SGX or Intel TDX features. • https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html https://security.netapp.com/advisory/ntap-20240405-0006 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html https://access.redhat.com/security/cve/CVE-2023-22655 https://bugzilla.redhat.com/show_bug.cgi?id=2270698 • CWE-693: Protection Mechanism Failure