Lucene search
+L

121 matches found

wpvulndb
wpvulndb
added 2023/09/07 12:0 a.m.17 views

Kangu para WooCommerce < 2.2.10 - Reflected XSS

Description The plugin does not sanitise and escape the etiqueta parameters before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.8AI score0.00324EPSS
Exploits0Affected Software1
osv
osv
added 2023/09/01 12:0 a.m.34 views

ASB-A-245135112

In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.9AI score0.00152EPSS
Exploits0References2
githubexploit
githubexploit
added 2023/08/21 6:25 a.m.544 views

Exploit for CVE-2023-20562

HITCON 2023 Demo CVE-2023-20562 Description This demonstra...

7.8CVSS8AI score0.0115EPSS
Exploits2
packetstorm
packetstorm
added 2023/08/11 12:0 a.m.452 views

systemd 246 Local Root Privilege Escalation

Exploit Title: systemd 246 - Local Privilege Escalation Exploit Author: Iyaad Luqman K init6 Application: systemd 246 Tested on: Ubuntu 22.04 CVE: CVE-2023-26604 systemd 246 was discovered to contain Privilege Escalation vulnerability, when the systemctl status command can be run as root user. Th...

7.8CVSS7.1AI score0.01051EPSS
Exploits4
vulnrichment
vulnrichment
added 2023/07/14 4:49 a.m.10 views

CVE-2023-3513 RazerCentralService Unsafe Deserialization Escalation of Privilege

Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral =7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization...

7.8CVSS6.9AI score0.00343EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2023/07/11 4:56 p.m.12 views

CVE-2023-34116

Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access...

8.2CVSS7.2AI score0.00959EPSS
Exploits0References1
cvelist
cvelist
added 2023/04/06 12:0 a.m.29 views

CVE-2023-20658

In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07537393; Issue ID: ALPS07180396...

7AI score0.00093EPSS
Exploits0References1
cvelist
cvelist
added 2023/03/24 12:0 a.m.38 views

CVE-2023-21000

In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194783918...

8AI score0.00078EPSS
Exploits0References1
wpexploit
wpexploit
added 2023/03/06 12:0 a.m.108 views

Multiple e-plugins - Subscriber+ Privilege Escalation

The plugins, sold by the same developer e-plugins, do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function ivdirectoriesupdateprofilesetting uses updateusermeta with any data provided by the ajax call, which can be used to give the logged in...

8.8CVSS8.6AI score0.00905EPSS
Exploits2References1
githubexploit
githubexploit
added 2023/02/22 5:50 p.m.387 views

Exploit for Improper Privilege Management in Sudo_Project Sudo

CVE-2023-22809 Ref: https://vulners.com/cve/CVE-2023-22809...

7.8CVSS8.1AI score0.55367EPSS
Exploits20
cvelist
cvelist
added 2022/12/16 12:0 a.m.41 views

CVE-2022-20537

In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is...

4.5AI score0.00109EPSS
Exploits0References1
nvd
nvd
added 2022/12/13 4:15 p.m.45 views

CVE-2022-20501

In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...

7.3CVSS0.00133EPSS
Exploits0References1
nvd
nvd
added 2022/12/06 12:15 a.m.26 views

CVE-2022-4173

A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10...

8.8CVSS0.00681EPSS
Exploits0References1
redhatcve
redhatcve
added 2022/07/14 8:21 a.m.28 views

CVE-2022-2385

A flaw was found in aws-iam-authenticator. This issue occurs when an allow-listed IAM identity may be able to modify their username and escalate privileges...

8.1CVSS4.1AI score0.0097EPSS
Exploits0References4
osv
osv
added 2022/07/12 2:25 p.m.22 views

CVE-2022-2385 AccessKeyID validation bypass

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges...

8.1CVSS7.1AI score0.0097EPSS
Exploits0References4
nvd
nvd
added 2022/06/15 2:15 p.m.25 views

CVE-2022-20138

In ACTIONMANAGEDPROFILEPROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGEDPROFILEPROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.8CVSS0.00209EPSS
Exploits0References1
cvelist
cvelist
added 2022/06/15 1:22 p.m.28 views

CVE-2022-20192

In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.9AI score0.00112EPSS
Exploits0References1
nvd
nvd
added 2022/05/20 1:15 p.m.18 views

CVE-2022-27095

BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level...

7.8CVSS0.00416EPSS
Exploits1References1
nvd
nvd
added 2022/05/10 8:15 p.m.20 views

CVE-2022-20116

In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12...

7.8CVSS0.00113EPSS
Exploits0References1
nvd
nvd
added 2022/05/03 8:15 p.m.23 views

CVE-2022-20094

In imgsensor, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479734...

6.7CVSS0.00108EPSS
Exploits0References1
Rows per page
Query Builder