
CVSS: 10.0 • EPSS: 96% • CPEs: 1 • EXPL: 15

31 May 2024 — Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported. • https://packetstorm.news/files/id/181541 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 May 2024 — Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. • https://hackerone.com/snapchat • CWE-704: Incorrect Type Conversion or Cast •

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 May 2024 — Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02 • CWE-787: Out-of-bounds Write •

CVSS: 5.5 • EPSS: 0% • CPEs: 12 • EXPL: 0

30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tipc: fix a possible memleak in tipc_buf_append. __skb_linearize() doesn't free the skb when it fails, so move '*buf = NULL' after __skb_linearize(), so that the skb can be freed on the err path. • https://git.kernel.org/stable/c/ace300eecbccaa698e2b472843c74a5f33f7dce8 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

30 May 2024 — A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the `autodocs.yml` workflow file. ... Successful exploitation could lead to arbitrary code execution within the context of the GitHub Actions runner. • https://github.com/zunak/CVE-2024-39249 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.4 • EPSS: 0% • CPEs: - • EXPL: 1

29 May 2024 — An attacker can exploit this vulnerability by providing a specially crafted input to the vulnerable function, causing a buffer overflow and potentially leading to arbitrary code execution, denial of service, or data corruption. • https://github.com/momo1239/CVE-2024-35333 • CWE-121: Stack-based Buffer Overflow •

CVSS: 8.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 May 2024 — Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions, template authors could inject PHP code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update ASAP. All users are advised to update. There is no patch for users on the v3 branch. • https://github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.1 • EPSS: 0% • CPEs: - • EXPL: 0

28 May 2024 — A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Borrower Name input field. • https://github.com/r04i7/CVE/blob/main/CVE-2024-35581.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 May 2024 — A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scan_lib.bin can lead to arbitrary code execution. • https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003ycL2AQ/sa00039 • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 May 2024 — An attacker can arbitrary code execution to trigger these vulnerabilities. This vulnerability exists within the code responsible for parsing comments within the geometric vertices section within an OFF file. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784 • CWE-121: Stack-based Buffer Overflow •