CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-37862
https://notcve.org/view.php?id=CVE-2024-37862
05 Dec 2024 — Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_planner process. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10681 – ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-10681
05 Dec 2024 — The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. ... This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/changeset/3199747/armember-membership/trunk/core/classes/class.arm_shortcodes.php • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-37860
https://notcve.org/view.php?id=CVE-2024-37860
05 Dec 2024 — Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_amcl process • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30963
https://notcve.org/view.php?id=CVE-2024-30963
05 Dec 2024 — Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via a crafted script. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30961
https://notcve.org/view.php?id=CVE-2024-30961
05 Dec 2024 — Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator. • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30964
https://notcve.org/view.php?id=CVE-2024-30964
05 Dec 2024 — Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the initial_pose_sub thread created by nav2_bt_navigator • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30962
https://notcve.org/view.php?id=CVE-2024-30962
05 Dec 2024 — Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2_amcl process • https://github.com/GoesM/ROS-CVE-CNVDs • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-47946 – OS Command Execution through Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-47946
05 Dec 2024 — If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. ... The PHP code executes once the uploaded file is accessed. This allows the execution of arbitrary PHP code and OS commands on the device as "www-data". Image Access Scan2Net with firmware versions prior or equal to 7.40, versions prior or equal ... • https://packetstorm.news/files/id/182979 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12183 – DedeCMS HTTP POST Request carbuyaction.php RemoveXSS cross site scripting
https://notcve.org/view.php?id=CVE-2024-12183
04 Dec 2024 — A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hebing123/cve/issues/79 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12182 – DedeCMS soft_add.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-12182
04 Dec 2024 — A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. Affected by this issue is some unknown functionality of the file /member/soft_add.php. The manipulation of the argument body leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hebing123/cve/issues/78 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •