CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2024-9112 – FastStone Image Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9112
This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-37779
https://notcve.org/view.php?id=CVE-2024-37779
WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality. • https://www.woodwing.com https://medium.com/%40daviddepaulasantos/our-brand-new-cve-authenticated-remote-code-execution-rce-on-elvis-dam-c544d879ef1e • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42323 – Apache HertzBeat: RCE by snakeYaml deser load malicious xml
https://notcve.org/view.php?id=CVE-2024-42323
SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.0. Users are recommended to upgrade to version 1.6.0, which fixes the issue. • https://lists.apache.org/thread/dwpwm572sbwon1mknlwhkpbom2y7skbx https://lists.apache.org/thread/r0c4tost4bllqc1n9q6rmzs1slgsq63t • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-41721 – bhyve(8) out-of-bounds read access via XHCI emulation
https://notcve.org/view.php?id=CVE-2024-41721
An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code execution. • https://security.freebsd.org/advisories/FreeBSD-SA-24:15.bhyve.asc • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-46640
https://notcve.org/view.php?id=CVE-2024-46640
SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although the system has a check function, the check function is not executed during execution, allowing remote code execution by writing to the file through the MySQL slow query method. • https://gitee.com/zheng_botong/CVE-2024-46640 • CWE-94: Improper Control of Generation of Code ('Code Injection') •