CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-48758
https://notcve.org/view.php?id=CVE-2024-48758
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code Se descubrió que dingfanzu CMS V1.0 contiene Cross-Site Request Forgery (CSRF) a través del parámetro addPro del componente doAdminAction.php que permite a un atacante remoto ejecutar código arbitrario. • https://github.com/Yllxx03/CVE/blob/main/CVE-2024-48758/CVE-2024-48758.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-48744
https://notcve.org/view.php?id=CVE-2024-48744
A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via "searchinput" POST request parameter. • https://github.com/vkcyberexpert/CVE-Writeup/blob/main/PHPGurukul/Teachers%20Record/Reflected%20XSS.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-46213
https://notcve.org/view.php?id=CVE-2024-46213
REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability. Se descubrió que REDAXO CMS v2.11.0 contenía una vulnerabilidad de ejecución remota de código (RCE). • https://github.com/Purposex7/Vulns4Study/blob/main/REDAXO%20Cronjobs%20%20AddOns%20RCE.md •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9965
https://notcve.org/view.php?id=CVE-2024-9965
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html https://issues.chromium.org/issues/352651673 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21259 – Oracle VirtualBox TPM Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-21259
An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of the virtual TPM device. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpuoct2024.html • CWE-863: Incorrect Authorization •