CVE-2022-32504
https://notcve.org/view.php?id=CVE-2022-32504
An attacker would be able to exploit this to gain arbitrary code execution on a KeyTurner device. • https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks https://nuki.io/en/security-updates https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2 https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-27939
https://notcve.org/view.php?id=CVE-2024-27939
An attacker could leverage this vulnerability and achieve arbitrary code execution with system privileges. • https://cert-portal.siemens.com/productcert/html/ssa-916916.html • CWE-862: Missing Authorization •
CVE-2024-27818
https://notcve.org/view.php?id=CVE-2024-27818
An attacker may be able to cause unexpected app termination or arbitrary code execution. • http://seclists.org/fulldisclosure/2024/May/10 http://seclists.org/fulldisclosure/2024/May/12 https://support.apple.com/en-us/HT214101 https://support.apple.com/en-us/HT214106 https://support.apple.com/kb/HT214101 https://support.apple.com/kb/HT214106 https://support.apple.com/kb/HT214100 •
CVE-2024-27829 – Apple macOS VideoToolbox Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-27829
Processing a file may lead to unexpected app termination or arbitrary code execution. • http://seclists.org/fulldisclosure/2024/May/12 https://support.apple.com/en-us/HT214106 https://support.apple.com/kb/HT214106 • CWE-788: Access of Memory Location After End of Buffer •
CVE-2024-4144 – Simple Basic Contact Form <= 20240502 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-4144
The Simple Basic Contact Form plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on the functionality of other plugins installed in the environment. El complemento Simple Basic Contact Form para WordPress para WordPress es vulnerable a la ejecución de códigos cortos arbitrarios en todas las versiones hasta la 20240502 incluida. Esto permite a atacantes no autenticados ejecutar códigos cortos arbitrarios. • https://plugins.trac.wordpress.org/browser/simple-basic-contact-form/trunk/simple-basic-contact-form.php#L543 https://plugins.trac.wordpress.org/changeset/3085036 https://www.wordfence.com/threat-intel/vulnerabilities/id/ded1944f-662d-4d25-8277-4b1dc63b2144?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •