CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-22633
https://notcve.org/view.php?id=CVE-2024-22633
Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. This vulnerability is triggered via a crafted POST request. Se descubrió que el Setor Informatica Sistema Inteligente para Laboratorios (SIL) 388 contenía una vulnerabilidad de ejecución remota de código (RCE) a través del parámetro hprinter. Esta vulnerabilidad se activa mediante una solicitud POST manipulada. • https://tomiodarim.io/posts/cve-2024-22632-3 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-32404
https://notcve.org/view.php?id=CVE-2024-32404
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature. La vulnerabilidad de inyección de plantilla del lado del servidor (SSTI) en inducer related anterior a v.2024.1 permite a atacantes remotos ejecutar código arbitrario a través de una carga útil manipulada para la función Markup Sandbox. • https://packetstormsecurity.com/2404-exploits/rlts-sstexec.txt • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-32406
https://notcve.org/view.php?id=CVE-2024-32406
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function. La vulnerabilidad de inyección de plantilla del lado del servidor (SSTI) en inducer relate anterior a v.2024.1 permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado para la función de emisión de tickets de examen por lotes. • https://packetstormsecurity.com/files/178251/Relate-Learning-And-Teaching-System-SSTI-Remote-Code-Execution.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33644 – WordPress Customify Site Library plugin <= 0.0.9 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-33644
Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through 0.0.9. • https://patchstack.com/database/vulnerability/customify-sites/wordpress-customify-site-library-plugin-0-0-9-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 2.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4214 – WordPress cardealer plugin <= 4.15 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-4214
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Bill Minozzi Car Dealer allows Code Injection.This issue affects Car Dealer: from n/a through 4.15. Neutralización incorrecta de etiquetas HTML relacionadas con scripts en una página web (la vulnerabilidad XSS básica en Bill Minozzi Car Dealer permite la inyección de código. Este problema afecta a Car Dealer: desde n/a hasta 4.15. The Car Dealer (Dealership) and Vehicle sales plugin for WordPress is vulnerable to unauthorized content injection due to insufficient input validation in all versions up to, and including, 4.15. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary content. • https://patchstack.com/database/vulnerability/cardealer/wordpress-cardealer-plugin-4-15-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •