CVE-2024-22274
https://notcve.org/view.php?id=CVE-2024-22274
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.
• https://github.com/mbadanoiu/CVE-2024-22274
• https://github.com/l0n3m4n/CVE-2024-22274-RCE
• https://github.com/ninhpn1337/CVE-2024-22274
• https://github.com/Mustafa1986/CVE-2024-22274-RCE
• https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-31335 – PowerVR DevmemIntChangeSparse2() Dangling Page Table Entry
https://notcve.org/view.php?id=CVE-2024-31335
In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code.
• https://source.android.com/security/bulletin/2024-07-01
• CWE-783: Operator Precedence Logic Error
CVE-2024-34724 – PowerVR _UnrefAndMaybeDestroy() Use-After-Free
https://notcve.org/view.php?id=CVE-2024-34724
In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code execution due to a race condition.
• https://source.android.com/security/bulletin/2024-07-01
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-4261 – Responsive Contact Form Builder & Lead Generation Plugin <= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-4261
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.
• https://plugins.trac.wordpress.org/browser/lead-form-builder/trunk/block/app.php#L24
• https://www.wordfence.com/threat-intel/vulnerabilities/id/858d8641-7455-47c2-9639-480ce4ec3540?source=cve
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-24294
https://notcve.org/view.php?id=CVE-2024-24294
A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 allows an attacker to execute arbitrary code via the _utils.setDeepProperty function of engine.min.js.
• https://gist.github.com/mestrtee/d1eb6e1f7c6dd60d8838c3e56cab634d
• CWE-94: Improper Control of Generation of Code ('Code Injection')