CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6631 – Subnet Solutions Inc. PowerSYSTEM Center Unquoted Search Path or Element
https://notcve.org/view.php?id=CVE-2023-6631
PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. • https://subnet.com/contact https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-01 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50612
https://notcve.org/view.php?id=CVE-2023-50612
Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter. • https://github.com/yaowenxiao721/CloudExplorer-Lite-v1.4.1-vulnerability-BOPLA • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50027
https://notcve.org/view.php?id=CVE-2023-50027
SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via BaproductzoommagnifierZoomModuleFrontController::run() method. • https://security.friendsofpresta.org/modules/2023/12/19/baproductzoommagnifier.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46741 – CubeFS leaks magic secret key when starting Blobstore access service
https://notcve.org/view.php?id=CVE-2023-46741
A vulnerability was found in CubeFS prior to version 3.3.1 that could allow users to read sensitive data from the logs which could allow them escalate privileges. • https://github.com/cubefs/cubefs/commit/972f0275ee8d5dbba4b1530da7c145c269b31ef5 https://github.com/cubefs/cubefs/security/advisories/GHSA-8h2x-gr2c-c275 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41776 – Local Privilege Escalation Vulnerability of ZTE's ZXCLOUD iRAI
https://notcve.org/view.php?id=CVE-2023-41776
There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •