CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28130
https://notcve.org/view.php?id=CVE-2024-28130
A specially crafted malformed file can lead to arbitrary code execution. • https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-21511
https://notcve.org/view.php?id=CVE-2024-21511
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function. • https://github.com/sidorares/node-mysql2/commit/7d4b098c7e29d5a6cb9eac2633bfcc2f0f1db713 https://github.com/sidorares/node-mysql2/pull/2608 https://github.com/sidorares/node-mysql2/releases/tag/v3.9.7 https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6670046 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 96%CPEs: 2EXPL: 12CVE-2024-4040 – CrushFTP VFS Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2024-4040
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. VFS Sandbox Escape en CrushFTP en todas las versiones anteriores a 10.7.1 y 11.1.0 en todas las plataformas permite a atacantes remotos con privilegios bajos leer archivos del sistema de archivos fuera de VFS Sandbox. CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system (VFS). • https://github.com/entroychang/CVE-2024-4040 https://github.com/Mohammaddvd/CVE-2024-4040 https://github.com/Praison001/CVE-2024-4040-CrushFTP-server https://github.com/airbus-cert/CVE-2024-4040 https://github.com/Stuub/CVE-2024-4040-SSTI-LFI-PoC https://github.com/gotr00t0day/CVE-2024-4040 https://github.com/rbih-boulanouar/CVE-2024-4040 https://github.com/jakabakos/CVE-2024-4040-CrushFTP-File-Read-vulnerability https://github.com/olebris/CVE-2024-4040 https://github.com&# • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32790 – WordPress Pricing Table by Supsystic plugin <= 1.9.12 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-32790
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Supsystic Pricing Table by Supsystic allows Code Injection.This issue affects Pricing Table by Supsystic: from n/a through 1.9.12. La neutralización incorrecta de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en Supsystic Pricing Table de Supsystic permite la inyección de código. Este problema afecta a Pricing Table de Supsystic: desde n/a hasta 1.9.12. The Pricing Table by Supsystic plugin for WordPress is vulnerable to content injection in all versions up to, and including, 1.9.12. This makes it possible for authenticated attackers, with admin-level access and above, to inject arbitrary content. • https://patchstack.com/database/vulnerability/pricing-table-by-supsystic/wordpress-pricing-table-by-supsystic-plugin-1-9-12-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28699
https://notcve.org/view.php?id=CVE-2024-28699
A buffer overflow vulnerability in pdf2json v0.70 allows a local attacker to execute arbitrary code via the GString::copy() and ImgOutputDev::ImgOutputDev function. Una vulnerabilidad de desbordamiento de búfer en pdf2json v0.70 permite a un atacante local ejecutar código arbitrario a través de las funciones GString::copy() e ImgOutputDev::ImgOutputDev. • http://pdf2json.com https://github.com/flexpaper/pdf2json https://github.com/flexpaper/pdf2json/issues/52 • CWE-94: Improper Control of Generation of Code ('Code Injection') •