
CVE-2024-31823
https://notcve.org/view.php?id=CVE-2024-31823
29 Apr 2024 — An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the removeSecondaryImage method of the Publish.php component. • https://gist.github.com/LioTree/4989e0f20b6a885604dd3178fa4b66b5 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-31822
https://notcve.org/view.php?id=CVE-2024-31822
29 Apr 2024 — An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php component. • https://gist.github.com/LioTree/f83e25b2c5e144c0b3ad8919e6483c7a • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-33445
https://notcve.org/view.php?id=CVE-2024-33445
29 Apr 2024 — An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component. • https://gist.github.com/LioTree/04a4ece38df53af4027d52b2aeb7aff6 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-32492
https://notcve.org/view.php?id=CVE-2024-32492
29 Apr 2024 — An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript. • https://www.znuny.org/en/advisories/zsa-2024-02 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-32491
https://notcve.org/view.php?id=CVE-2024-32491
29 Apr 2024 — An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available through the web server. • https://www.znuny.org/en/advisories/zsa-2024-01 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-4058 – Debian Security Advisory 5675-1
https://notcve.org/view.php?id=CVE-2024-4058
29 Apr 2024 — (Chromium security severity: Critical) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2024-4059 – Debian Security Advisory 5675-1
https://notcve.org/view.php?id=CVE-2024-4059
29 Apr 2024 — (Chrome security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html

CVE-2024-4060 – Debian Security Advisory 5675-1
https://notcve.org/view.php?id=CVE-2024-4060
29 Apr 2024 — (Chrome security severity: High) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html • CWE-416: Use After Free

CVE-2024-32878 – Use of Uninitialized Variable Vulnerability in llama.cpp
https://notcve.org/view.php?id=CVE-2024-32878
26 Apr 2024 — Causes llama.cpp to crash (DoS) and may even lead to arbitrary code execution (RCE). • https://github.com/ggerganov/llama.cpp/releases/tag/b2749 • CWE-456: Missing Initialization of a Variable

CVE-2024-32884 – gix-transport indirect code execution via malicious username
https://notcve.org/view.php?id=CVE-2024-32884
26 Apr 2024 — The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose current working directory contains a malicious file, arbitrary code execution occurs. • https://github.com/Byron/gitoxide/security/advisories/GHSA-98p4-xjmm-8mfh • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')