CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2024-9112 – FastStone Image Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9112
This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-37779
https://notcve.org/view.php?id=CVE-2024-37779
WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality. • https://www.woodwing.com https://medium.com/%40daviddepaulasantos/our-brand-new-cve-authenticated-remote-code-execution-rce-on-elvis-dam-c544d879ef1e • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 1CVE-2023-46948
https://notcve.org/view.php?id=CVE-2023-46948
A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components. • https://github.com/AzraelsBlade/CVE-2023-46948 http://temenos.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42323 – Apache HertzBeat: RCE by snakeYaml deser load malicious xml
https://notcve.org/view.php?id=CVE-2024-42323
SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.0. Users are recommended to upgrade to version 1.6.0, which fixes the issue. • https://lists.apache.org/thread/dwpwm572sbwon1mknlwhkpbom2y7skbx https://lists.apache.org/thread/r0c4tost4bllqc1n9q6rmzs1slgsq63t • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-41721 – bhyve(8) out-of-bounds read access via XHCI emulation
https://notcve.org/view.php?id=CVE-2024-41721
An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code execution. • https://security.freebsd.org/advisories/FreeBSD-SA-24:15.bhyve.asc • CWE-125: Out-of-bounds Read •