
CVSS: 6.1 • EPSS: % • CPEs: - • EXPL: 0

QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting (XSS) resulting in arbitrary code execution in admin functions related to adding or updating records. • https://grumpz.net/cve-2024-34240-latest-stored-xss-0day-vulnerability-unveiled • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 • EPSS: 0% • CPEs: - • EXPL: 4

The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system. • https://github.com/mbadanoiu/CVE-2024-22274 https://github.com/l0n3m4n/CVE-2024-22274-RCE https://github.com/ninhpn1337/CVE-2024-22274 https://github.com/Mustafa1986/CVE-2024-22274-RCE https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. • https://source.android.com/security/bulletin/2024-07-01 • CWE-783: Operator Precedence Logic Error

CVSS: 7.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code execution due to a race condition. • https://source.android.com/security/bulletin/2024-07-01 • CWE-368: Context Switching Race Condition

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/lead-form-builder/trunk/block/app.php#L24 https://www.wordfence.com/threat-intel/vulnerabilities/id/858d8641-7455-47c2-9639-480ce4ec3540?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection')