CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-25938
https://notcve.org/view.php?id=CVE-2024-25938
A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1958 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-25648
https://notcve.org/view.php?id=CVE-2024-25648
A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1959 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-25575
https://notcve.org/view.php?id=CVE-2024-25575
A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1963 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31823
https://notcve.org/view.php?id=CVE-2024-31823
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the removeSecondaryImage method of the Publish.php component. Un problema en el commit Ecommerce-CodeIgniter-Bootstrap v. d22b54e8915f167a135046ceb857caaf8479c4da permite a un atacante remoto ejecutar código arbitrario a través del método removeSecondaryImage del componente Publish.php. • https://gist.github.com/LioTree/4989e0f20b6a885604dd3178fa4b66b5 https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/d22b54e8915f167a135046ceb857caaf8479c4da https://liotree.github.io/2023/Ecommerce-CodeIgniter-Bootstrap.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-33445
https://notcve.org/view.php?id=CVE-2024-33445
An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component. Un problema en hisiphp v2.0.111 permite a un atacante remoto ejecutar código arbitrario a través de un script manipulado en el parámetro SystemPlugins::mkInfo en el componente SystemPlugins.php. • https://gist.github.com/LioTree/04a4ece38df53af4027d52b2aeb7aff6 https://github.com/hisiphp/hisiphp/issues/11 • CWE-94: Improper Control of Generation of Code ('Code Injection') •