CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-22830
https://notcve.org/view.php?id=CVE-2024-22830
Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2202.6217 does not perform proper access control when handling system resources. ... El módulo del kernel de Windows de Anti-Cheat Expert "ACE-BASE.sys" versión 1.0.2202.6217 no realiza un control de acceso adecuado cuando maneja los recursos del sistema. • http://anti-cheat.com https://intl.anticheatexpert.com/#/tool-center https://www.defencetech.it/wp-content/uploads/2024/04/Report-CVE-2024-22830.pdf • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-33430
https://notcve.org/view.php?id=CVE-2024-33430
An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file. Un problema en phiola/src/afilter/pcm_convert.h:513 de phiola v2.0-rc22 permite a un atacante remoto ejecutar código arbitrario a través de un archivo .wav manipulado. • https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/segmentFault-1/poc/I2ZFI3~5 https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/segmentFault-1/segmentFault-1.assets/image-20240420011601263.png https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/segmentFault-1/segmentFault-1.md https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/segmentFault-1 https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/segmentFault-1/poc https://github.com/stsaz/phiola https:/& • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-482: Comparing instead of Assigning •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-26322 – GetApps application has code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-26322
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the isUrlMatchLevel method. The issue results from a permissive list of allowed inputs. • https://trust.mi.com/misrc/bulletins/advisory?cveId=542 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-33442
https://notcve.org/view.php?id=CVE-2024-33442
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component. Un problema en flusity-CMS v.2.33 permite a un atacante remoto ejecutar código arbitrario a través del componente add_post.php. • https://github.com/summerwayace/cms/blob/main/1.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3957 – Booster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-3957
The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what shortcode functionality they provide. El complemento Booster for WooCommerce es vulnerable a la ejecución de códigos cortos arbitrarios no autenticados en versiones hasta la 7.1.8 incluida. Esto permite a atacantes no autenticados ejecutar códigos cortos arbitrarios. • https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/class-wcj-product-by-user.php#L245 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3076207%40woocommerce-jetpack%2Ftrunk&old=3046146%40woocommerce-jetpack%2Ftrunk&sfp_email=&sfph_mail=#file7 https://www.wordfence.com/threat-intel/vulnerabilities/id/1653de8f-62eb-488b-9e97-8b30221b509f?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •