CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40487
https://notcve.org/view.php?id=CVE-2024-40487
08 Aug 2024 — A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/Stored%20XSS.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-37382
https://notcve.org/view.php?id=CVE-2024-37382
08 Aug 2024 — An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration. • https://www.abinitio.com/en/security-advisories/ab-2024-003 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6891 – Journyx Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-6891
07 Aug 2024 — Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow. • https://packetstorm.news/files/id/180002 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-43160 – WordPress BerqWP plugin <= 1.7.6 - Unauthenticated Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-43160
07 Aug 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.This issue affects BerqWP: from n/a through 1.7.6. The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /api/store_webp.php file in all versions up to, and including, 1.7.6. This makes it possible for unauthenticated attackers to upload arbit... • https://github.com/KTN1990/CVE-2024-43160 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43128 – WordPress WooCommerce Product Table Lite plugin <= 3.5.1 - Arbitrary Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-43128
07 Aug 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in WC Product Table WooCommerce Product Table Lite allows Code Injection.This issue affects WooCommerce Product Table Lite: from n/a through 3.5.1. • https://patchstack.com/database/vulnerability/wc-product-table-lite/wordpress-woocommerce-product-table-lite-plugin-3-5-1-arbitrary-code-execution-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7550 – Debian Security Advisory 5741-1
https://notcve.org/view.php?id=CVE-2024-7550
06 Aug 2024 — (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7536 – Debian Security Advisory 5741-1
https://notcve.org/view.php?id=CVE-2024-7536
06 Aug 2024 — (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7535 – Debian Security Advisory 5741-1
https://notcve.org/view.php?id=CVE-2024-7535
06 Aug 2024 — (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7534 – Debian Security Advisory 5741-1
https://notcve.org/view.php?id=CVE-2024-7534
06 Aug 2024 — (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7533 – Debian Security Advisory 5741-1
https://notcve.org/view.php?id=CVE-2024-7533
06 Aug 2024 — (Chromium security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html • CWE-416: Use After Free •