CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51076
https://notcve.org/view.php?id=CVE-2024-51076
29 Oct 2024 — A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/booking-search.php in PHPGurukul Online DJ Booking Management System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter. • https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Online%20DJ%20Booking/Reflected%20Cross%20Site%20Scripting%20b.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51180
https://notcve.org/view.php?id=CVE-2024-51180
29 Oct 2024 — A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/index.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via the "searchifsccode" parameter. • https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/IFSC%20Code%20Finder/IFSC%20Code%20Finder%20do.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51181
https://notcve.org/view.php?id=CVE-2024-51181
29 Oct 2024 — A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/admin/profile.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via " searchifsccode" parameter. • https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/IFSC%20Code%20Finder/IFSC%20Code%20Finder%20Admin.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8512 – W3SPEEDSTER <= 7.26 - Authenticated (Administrator+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-8512
29 Oct 2024 — The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. ... This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server. • https://plugins.trac.wordpress.org/browser/w3speedster-wp/trunk/w3speedster.php#L740 • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-48063
https://notcve.org/view.php?id=CVE-2024-48063
29 Oct 2024 — In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. En PyTorch <=2.4.1, RemoteModule tiene RCE de deserialización. In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing. • https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44237 – Apple macOS ICC Profile Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-44237
28 Oct 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. ... An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. • https://support.apple.com/en-us/121568 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44283 – Apple macOS ICC Profile Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-44283
28 Oct 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. ... An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. • https://support.apple.com/en-us/121568 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-44240 – Apple macOS CoreText Font Ligature Caret List Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-44240
28 Oct 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. ... An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. • https://support.apple.com/en-us/121563 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-44282 – Apple macOS CoreFoundation Font Glyphs Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-44282
28 Oct 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. ... An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. • https://support.apple.com/en-us/121563 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44236 – Apple macOS ICC Profile Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-44236
28 Oct 2024 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://support.apple.com/en-us/121568 • CWE-787: Out-of-bounds Write •