CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48112
https://notcve.org/view.php?id=CVE-2024-48112
30 Oct 2024 — A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. • https://github.com/nn0nkey/nn0nkey/blob/main/Thinkphp/CVE-2024-48112.md • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48214
https://notcve.org/view.php?id=CVE-2024-48214
30 Oct 2024 — KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, unauthenticated QR code and abuse one of the parameters, either SSID or PASSWORD, in the JSON data contained within the QR code. By that, the attacker can execute arbitrary code on the camera. • https://medium.com/%40shenhavmor/exploiting-a-chinese-camera-for-fun-cve-2024-48214-2d56848870c2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48733
https://notcve.org/view.php?id=CVE-2024-48733
30 Oct 2024 — SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. ... SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users. • http://sas.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48807
https://notcve.org/view.php?id=CVE-2024-48807
30 Oct 2024 — Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Management System v.1.0 allows a local attacker to execute arbitrary code via the search parameter. • https://medium.com/%40KrishnaChaganti/cross-site-scripting-xss-in-appointment-management-system-cve-2024-48807-0f7523be9fa2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51243
https://notcve.org/view.php?id=CVE-2024-51243
30 Oct 2024 — The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java. Eladmin v2.7 y anteriores contienen una vulnerabilidad de ejecución remota de código (RCE) que puede controlar todos los servidores de implementación de aplicaciones de este sistema de administración a través de DeployController.java. • https://github.com/shadia0/Patienc/blob/main/eladmin_rce.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51419
https://notcve.org/view.php?id=CVE-2024-51419
30 Oct 2024 — ., Ltd Ofweek Online Exhibition v.1.0.0 allows a remote attacker to execute arbitrary code. • https://gist.github.com/475bd8bc21c4f4dfc8f26ce35eb6ca28.git • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51424
https://notcve.org/view.php?id=CVE-2024-51424
30 Oct 2024 — An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitrary code via the Owned.setOwner function Un problema en Ethereum v.1.12.2 permite a un atacante remoto ejecutar código arbitrario a través de la función Owned.setOwner An issue in the PepeGxng smart contract (which can be run on the Ethereum blockchain) allows remote attackers to have an unspecified impact via the Owned.setOwner function. • https://github.com/Wzy-source/Gala/blob/main/CVEs/AURA_0x967d176328948e4db4446b8caf623ff9b47221fb.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51427
https://notcve.org/view.php?id=CVE-2024-51427
30 Oct 2024 — An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitrary code via the PepeGxng smart contract mint function. ... An issue in the PepeGxng smart contract (which can be run on the Ethereum blockchain) allows remote attackers to have an unspecified impact via the mint function. • https://github.com/Wzy-source/Gala/blob/main/CVEs/PepeGxng_0x5d8d1f28cad84fad8d2fea9fdd4ab5022d23b0fe.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-31972
https://notcve.org/view.php?id=CVE-2024-31972
30 Oct 2024 — EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could lead to arbitrary JavaScript code execution (under the context of the user's session) via the Wi-Fi SSID input fields. • https://github.com/actuator/cve/blob/main/Engenius/CVE-2024-31972 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7992 – Autodesk AutoCAD DWG Stack-Based Buffer Overflow Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7992
29 Oct 2024 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0021 • CWE-121: Stack-based Buffer Overflow •