CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39236
https://notcve.org/view.php?id=CVE-2024-39236
01 Jul 2024 — Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. • https://github.com/Aaron911/PoC/blob/main/Gradio.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38993
https://notcve.org/view.php?id=CVE-2024-38993
01 Jul 2024 — rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. Se descubrió que rjrodger jsonic-next v2.12.1 contenía un prototipo de contaminación a través de la función vacía. Esta vulnerabilidad permite a los atacantes ejecutar código arbitrario o provocar una denegación de servicio (DoS) mediante la inyección de propiedades arbitrarias... • https://gist.github.com/mestrtee/9a2b522d59c53f31f45c1edb96459693 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38990
https://notcve.org/view.php?id=CVE-2024-38990
01 Jul 2024 — Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function mergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. Se descubrió que Tada5hi sp-common v0.5.4 contiene un prototipo de contaminación a través de la función mergeDeep. Esta vulnerabilidad permite a los atacantes ejecutar código arbitrario o provocar una denegación de servicio (DoS) mediante la inyección de propiedades arbitrarias... • https://gist.github.com/mestrtee/ae5f6b0d8f5d7de716e6af6d189b2169 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39015
https://notcve.org/view.php?id=CVE-2024-39015
01 Jul 2024 — cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. Se descubrió que cafebazaar hod v0.4.14 contenía un prototipo de contaminación a través de la solicitud de función. Esta vulnerabilidad permite a los atacantes ejecutar código arbitrario o provocar una denegación de servicio (DoS) mediante la inyección de propiedades arbitrarias. • https://gist.github.com/mestrtee/7ab061d9eb901cc89652e7666ca3ef52 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-25943
https://notcve.org/view.php?id=CVE-2024-25943
29 Jun 2024 — A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application. iDRAC9, versiones anteriores a 7.00.00.172 para la 14.ª generación y 7.10.50.00 para las 15.ª y 16.ª generación, contiene una vulnerabilidad de secuestro de sesión en IPMI. • https://www.dell.com/support/kbdoc/en-us/000226503/dsa-2024-099-security-update-for-dell-idrac9-ipmi-session-vulnerability • CWE-330: Use of Insufficiently Random Values •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3995 – Command Injection in Helix ALM
https://notcve.org/view.php?id=CVE-2024-3995
28 Jun 2024 — In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins. En las versiones de Helix ALM anteriores a la 2024.2.0, se identificó una inyección de comando local. Reportado por Bryan Riggins. • https://portal.perforce.com/s/detail/a91PA000001SU5pYAG • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2022-27540
https://notcve.org/view.php?id=CVE-2022-27540
28 Jun 2024 — A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. • https://support.hp.com/us-en/document/ish_10810714-10810745-16/hpsbhf03948 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37442 – WordPress Photo Gallery by Ays – Responsive Image Gallery plugin < 5.7.1 - HTML Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-37442
28 Jun 2024 — Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Code Injection.This issue affects Photo Gallery by Ays: from n/a before 5.7.1. La neutralización incorrecta de elementos especiales en la salida utilizada por una vulnerabilidad de componente posterior ('inyección') en Photo Gallery Team Photo Gallery by Ays permite la inyección de código. Este problema afecta a Photo Gallery by Ays: desde n/a ant... • https://patchstack.com/database/vulnerability/gallery-photo-gallery/wordpress-photo-gallery-by-ays-responsive-image-gallery-plugin-5-7-1-html-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37420 – WordPress Zita Elementor Site Library plugin <= 1.6.1 - Arbitrary Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-37420
28 Jun 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in WPZita Zita Elementor Site Library allows Upload a Web Shell to a Web Server.This issue affects Zita Elementor Site Library: from n/a through 1.6.1. La carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en WPZita Zita Elementor Site Library permite cargar un Web Shell a un servidor web. Este problema afecta a Zita Elementor Site Library: desde n/a hasta 1.6.1. The Zita Elementor Site Library plugin for WordPress is vulner... • https://patchstack.com/database/vulnerability/zita-site-library/wordpress-zita-elementor-site-library-plugin-1-6-1-arbitrary-code-execution-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6127 – BC Security Empire Path Traversal RCE
https://notcve.org/view.php?id=CVE-2024-6127
27 Jun 2024 — BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payload data containing a malicious path. • https://aceresponder.com/blog/exploiting-empire-c2-framework • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •