
CVE-2024-36581
https://notcve.org/view.php?id=CVE-2024-36581
17 Jun 2024 — A Prototype Pollution issue in abw badger-database 1.2.1 allows an attacker to execute arbitrary code via dist/badger-database.esm. Prototype pollution on its own only writes attacker-chosen properties onto Object.prototype; reaching code execution additionally requires some code path in the process that reads one of those properties and passes it to something that evaluates or spawns, which the advisory does not detail. • https://gist.github.com/mestrtee/f6b2ed1b3b4bc0df994c7455fc6110bd • CWE-94: Improper Control of Generation of Code ('Code Injection') •
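The entry above names the bug class but not the code path. The following is an added illustration, not badger-database's own code: a generic recursive merge of the kind that produces prototype pollution, the hardened form of the same merge, and a probe showing the polluted value surfacing on an unrelated object. The payload, the `pickRenderer` "gadget" and all helper names are constructed for this example.

```javascript
// Added example (not badger-database code): how an unguarded recursive merge
// lets JSON from an untrusted source write into Object.prototype, and a
// hardened merge that does not. Payload and helper names are constructed.

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable pattern: walks every key of `source`, including "__proto__".
// `target["__proto__"]` resolves to Object.prototype, so the recursion
// writes the attacker's keys onto every object in the process.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const val = source[key];
    if (isPlainObject(val)) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Hardened pattern: refuse the keys that reach the prototype chain and only
// recurse into properties that `target` owns itself.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const val = source[key];
    if (isPlainObject(val)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Runs one merge with a constructed attacker payload, then reads the polluted
// name from a brand-new object the merge never touched. Returns what that read
// produced and removes the pollution so later code is unaffected.
function pollutionProbe(mergeFn) {
  // JSON.parse creates an own property literally named "__proto__",
  // which is what makes the key visible to Object.keys().
  const payload = JSON.parse('{"__proto__": {"polluted": "yes"}}');
  mergeFn({}, payload);
  const leaked = ({}).polluted;
  delete Object.prototype.polluted;
  return leaked;
}

// A constructed downstream "gadget": code that consults an option it expects
// to be absent. After pollution it sees the attacker's value even for {}.
function pickRenderer(options) {
  return options.renderer || 'default';
}

function gadgetProbe(mergeFn) {
  const payload = JSON.parse('{"__proto__": {"renderer": "attacker-controlled"}}');
  mergeFn({}, payload);
  const chosen = pickRenderer({});
  delete Object.prototype.renderer;
  return chosen;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafeMerge leaks:', pollutionProbe(unsafeMerge));   // yes
  console.log('safeMerge leaks:', pollutionProbe(safeMerge));       // undefined
  console.log('gadget after unsafeMerge:', gadgetProbe(unsafeMerge)); // attacker-controlled
  console.log('gadget after safeMerge:', gadgetProbe(safeMerge));     // default
}
```

The key-denylist is the usual fix in merge and "set by path" utilities; a consumer-side defence is to keep option bags as `Object.create(null)` objects or to read them with `hasOwnProperty` checks, so a polluted prototype never supplies a value the code then trusts.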

CVE-2024-38448
https://notcve.org/view.php?id=CVE-2024-38448
16 Jun 2024 — htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is untrusted, because shell metacharacters in the value are interpreted by the shell that htags invokes. The practical check is whether any caller (build scripts, CI jobs, web front ends that generate hypertext from a repository) lets a user choose the -d path. • https://cvs.savannah.gnu.org/viewvc/global/global/htags/htags.c?revision=1.236&view=markup • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-38396
https://notcve.org/view.php?id=CVE-2024-38396
16 Jun 2024 — An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than CVE-2024-38395. Anything that can write bytes to the terminal (a remote host over ssh, a log file, a file shown with cat) is a potential delivery path for such a sequence. • https://github.com/vin01/poc-cve-2024-38396 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-38395
https://notcve.org/view.php?id=CVE-2024-38395
16 Jun 2024 — In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable." Disabling the setting is therefore not a mitigation on affected versions; updating to 3.5.2 or later is. • https://github.com/vin01/poc-cve-2024-38396 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
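Both iTerm2 entries above (CVE-2024-38396 and CVE-2024-38395) turn on the same primitive: a terminal that answers a title query writes the answer back into the input stream, so whoever controls the title controls bytes that look typed. The following is an added example, not iTerm2's code and not its tmux integration, that models the two xterm-style sequences involved (OSC 2 to set the title, CSI 21 t to request it back, reported as OSC l ... ST) and shows what a terminal with and without the report allowed would feed back to the shell. The terminal model, the option name `allowTitleReport` and the payload are constructed for this illustration; how the fed-back bytes then become a command depends on the shell and the integration in use and is not detailed on this page.

```javascript
// Added example (not iTerm2's code): a tiny model of the xterm-style
// title-set and title-report sequences, showing why answering a title
// query with unfiltered content hands the attacker keyboard input.
// The terminal model, option name and payload are constructed.
const ESC = '\x1b';
const BEL = '\x07';
const ST = ESC + '\\';   // String Terminator: ESC \

// What an attacker who can write to the terminal sends: set the window
// title to attacker text (OSC 2 ; text BEL), then ask the terminal to
// report the title back (CSI 21 t).
function buildTitleReportPayload(text) {
  return `${ESC}]2;${text}${BEL}${ESC}[21t`;
}

// A terminal consumes the sequences in one output stream. Any reply it
// makes is written to the pty as if the user had typed it.
function simulateTerminal(output, { allowTitleReport }) {
  let title = '';
  let typedBack = '';
  // First alternative: OSC 2 ; <title> terminated by BEL or ST.
  // Second alternative: CSI 21 t (report window title).
  const seq = /\x1b\]2;([^\x07\x1b]*)(?:\x07|\x1b\\)|\x1b\[21t/g;
  for (const m of output.matchAll(seq)) {
    if (m[1] !== undefined) {
      title = m[1];                              // title set from output
    } else if (allowTitleReport) {
      typedBack += `${ESC}]l${title}${ST}`;      // reply: OSC l <title> ST
    }
  }
  return { title, typedBack };
}

if (typeof require !== 'undefined' && require.main === module) {
  const payload = buildTitleReportPayload('id');
  console.log(JSON.stringify(simulateTerminal(payload, { allowTitleReport: true }).typedBack));
  // "\u001b]lid\u001b\\": attacker text arrives on stdin of the foreground process
  console.log(JSON.stringify(simulateTerminal(payload, { allowTitleReport: false }).typedBack));
  // "": a terminal that honours "may not report title" sends nothing back
}
```

The defensible behaviour is the second one: refuse to answer title queries unless the user has opted in, and never echo content that arrived from the same untrusted output stream. CVE-2024-38395 is the case where that opt-out existed but was not enforced; CVE-2024-38396 is the case where the answer was sent unfiltered.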

CVE-2024-38458 – Xenforo 2.2.15 Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-38458
16 Jun 2024 — Xenforo before 2.2.16 allows code injection. • https://packetstorm.news/files/id/179586 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-3105 – Woody code snippets – Insert Header Footer Code, AdSense Ads <= 2.5.0 -Authenticated (Contributor+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-3105
14 Jun 2024 — The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized users. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server. Contributors can place shortcodes in the posts they draft, so the missing capability check turns any contributor account into a PHP execution path. • https://github.com/hunThubSpace/CVE-2024-3105-PoC • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-37885 – Code injection in Nextcloud Desktop Client for macOS
https://notcve.org/view.php?id=CVE-2024-37885
14 Jun 2024 — A code injection in Nextcloud Desktop Client for macOS allowed arbitrary code to be loaded when the client was started with DYLD_INSERT_LIBRARIES set in the environment. DYLD_INSERT_LIBRARIES is dyld's counterpart to LD_PRELOAD; a binary signed with the macOS hardened runtime ignores it unless the allow-dyld-environment-variables or disable-library-validation entitlement is present, so those two entitlements on the shipped binary are what to check. • https://github.com/nextcloud/desktop/pull/6378 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-5671
https://notcve.org/view.php?id=CVE-2024-5671
14 Jun 2024 — Insecure deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to execute arbitrary code on, and gain access to, the vulnerable Trellix IPS Manager. • https://thrive.trellix.com/s/article/000013623 • CWE-502: Deserialization of Untrusted Data •

CVE-2024-36598 – AEGON LIFE 1.0 Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-36598
14 Jun 2024 — An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file. AEGON LIFE version 1.0 suffers from an unauthenticated remote code execution vulnerability. The mechanism described is an unrestricted upload of a file that is then served and executed (CWE-434); CWE-94 is the classification given in the listing. • https://packetstorm.news/files/id/179087 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-32925
https://notcve.org/view.php?id=CVE-2024-32925
13 Jun 2024 — In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. The description is of a memory-safety bug (an out-of-bounds write, CWE-787) rather than code injection; CWE-94 is the classification given in the listing. • https://source.android.com/security/bulletin/pixel/2024-06-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •