CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0NotCVE-2023-0001 – Secure Boot Bypass in MSM8916/APQ8016 Mobile SoC
https://notcve.org/view.php?id=NotCVE-2023-0001
A physical attacker may leverage improper protection against voltage glitching in Qualcomm’s Secure Boot implementation in chipsets MSM8916 and APQ8016 to execute arbitrary code in the device due to a badly secured hash value check. • https://cyberintel.es/cve/notCVE-2023-0001/ • CWE-1247: Improper Protection Against Voltage and Clock Glitches •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41721 – bhyve(8) out-of-bounds read access via XHCI emulation
https://notcve.org/view.php?id=CVE-2024-41721
An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code execution. • https://security.freebsd.org/advisories/FreeBSD-SA-24:15.bhyve.asc • CWE-125: Out-of-bounds Read •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-37879
https://notcve.org/view.php?id=CVE-2024-37879
Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo". • https://www.usvn.info/news.html https://github.com/usvn/usvn/commit/6b4678954fca9635154743b95ff9c8947cf5f46f https://github.com/usvn/usvn/releases/tag/1.0.12 https://www.usvn.info/2024/06/09/usvn-1.0.12 •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-42697
https://notcve.org/view.php?id=CVE-2024-42697
Cross Site Scripting vulnerability in Leotheme Leo Product Search Module v.2.1.6 and earlier allows a remote attacker to execute arbitrary code via the q parameter of the product search function. • https://github.com/JustDinooo/CVEs/blob/main/CVE-2024-42697/poc.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45489
https://notcve.org/view.php?id=CVE-2024-45489
Arc before 2024-08-26 allows remote code execution in JavaScript boosts. • https://kibty.town/blog/arc https://news.ycombinator.com/item?id=41597250 https://arc.net/blog/CVE-2024-45489-incident-response • CWE-284: Improper Access Control •