CVSS: 9.9EPSS: 0%CPEs: -EXPL: 1CVE-2024-31390 – WordPress Breakdance plugin <= 1.7.2 - Authenticated Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-31390
: Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows : Code Injection.This issue affects Breakdance: from n/a through 1.7.2. • https://patchstack.com/articles/unpatched-authenticated-rce-in-oxygen-and-breakdance-builder?_s_id=cve https://patchstack.com/database/vulnerability/breakdance/wordpress-breakdance-plugin-1-7-0-authenticated-remote-code-execution-rce-vulnerability?_s_id=cve https://snicco.io/vulnerability-disclosure/breakdance/client-mode-remote-code-execution-breakdance-1-7-0?_s_id=cve https://www.youtube.com/watch?v=9glx54-LfRE • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-27705
https://notcve.org/view.php?id=CVE-2024-27705
Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint. La vulnerabilidad de Cross Site Scripting en Leantime v3.0.6 permite a los atacantes ejecutar código arbitrario mediante la carga de un archivo PDF manipulado en el endpoint de archivos/exploración. • https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-27705 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-31013
https://notcve.org/view.php?id=CVE-2024-31013
Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3, allow remote attackers to execute arbitrary code via a crafted payload to the bottom of the homepage in footer_info parameter. Vulnerabilidad de Cross Site Scripting (XSS) en emlog versión Pro 2.3, permite a atacantes remotos ejecutar código arbitrario a través de un payload manipulado en la parte inferior de la página de inicio en el parámetro footer_info. • https://github.com/emlog/emlog/issues/291 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31011
https://notcve.org/view.php?id=CVE-2024-31011
Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php. Vulnerabilidad de escritura arbitraria en archivos en beescms v.4.0, permite a un atacante remoto ejecutar código arbitrario a través de una ruta de archivo que no estaba aislada y el sufijo no estaba verificado en admin_template.php. • https://github.com/ss122-0ss/beescms/blob/main/readme.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30568
https://notcve.org/view.php?id=CVE-2024-30568
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter. Se descubrió que Netgear R6850 1.1.0.88 contiene una vulnerabilidad de inyección de comandos a través del parámetro c4-IPAddr. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/netgear%20R6850/Netgear-R6850%20V1.1.0.88%20Command%20Injection%28ping_test%29.md https://www.netgear.com/about/security • CWE-94: Improper Control of Generation of Code ('Code Injection') •