CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22633
https://notcve.org/view.php?id=CVE-2024-22633
26 Apr 2024 — Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. This vulnerability is triggered via a crafted POST request. Se descubrió que el Setor Informatica Sistema Inteligente para Laboratorios (SIL) 388 contenía una vulnerabilidad de ejecución remota de código (RCE) a través del parámetro hprinter. Esta vulnerabilidad se activa mediante una solicitud POST manipulada. • https://tomiodarim.io/posts/cve-2024-22632-3 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32406
https://notcve.org/view.php?id=CVE-2024-32406
26 Apr 2024 — Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function. La vulnerabilidad de inyección de plantilla del lado del servidor (SSTI) en inducer relate anterior a v.2024.1 permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado para la función de emisión de tickets de examen por lotes. • https://packetstormsecurity.com/files/178251/Relate-Learning-And-Teaching-System-SSTI-Remote-Code-Execution.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.5EPSS: 0%CPEs: 14EXPL: 0CVE-2023-51794 – Debian Security Advisory 5721-1
https://notcve.org/view.php?id=CVE-2023-51794
26 Apr 2024 — An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. ... An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. • https://trac.ffmpeg.org/ticket/10746 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32404
https://notcve.org/view.php?id=CVE-2024-32404
26 Apr 2024 — Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature. La vulnerabilidad de inyección de plantilla del lado del servidor (SSTI) en inducer related anterior a v.2024.1 permite a atacantes remotos ejecutar código arbitrario a través de una carga útil manipulada para la función Markup Sandbox. • https://packetstormsecurity.com/2404-exploits/rlts-sstexec.txt • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-33644 – WordPress Customify Site Library plugin <= 0.0.9 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-33644
25 Apr 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through 0.0.9. • https://github.com/Akshath-Nagulapally/ReproducingCVEs_Akshath_Nagulapally • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4214 – WordPress cardealer plugin <= 4.15 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-4214
25 Apr 2024 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Bill Minozzi Car Dealer allows Code Injection.This issue affects Car Dealer: from n/a through 4.15. Neutralización incorrecta de etiquetas HTML relacionadas con scripts en una página web (la vulnerabilidad XSS básica en Bill Minozzi Car Dealer permite la inyección de código. Este problema afecta a Car Dealer: desde n/a hasta 4.15. The Car Dealer (Dealership) and Vehicle sales plugin for WordPress is vulnerable to u... • https://patchstack.com/database/vulnerability/cardealer/wordpress-cardealer-plugin-4-15-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32876 – NewPipe has potential security vulnerability when importing settings
https://notcve.org/view.php?id=CVE-2024-32876
24 Apr 2024 — NewPipe version 0.27.0 fixes the issue by doing the following: Restrict the classes that can be deserialized when calling Java's Object Serialization Stream Protocol, by adding a whitelist with only innocuous data-only classes that can't lead to Arbitrary Code Execution; deprecate backups serialized with Java's Object Serialization Stream Protocol; use JSON serialization for all newly created backups (but still include an alternative file serialized with Java's Object Serialization Stream Protocol in... • https://docs.oracle.com/javase/6/docs/platform/serialization/spec/protocol.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.0EPSS: 0%CPEs: 267EXPL: 0CVE-2024-20359 – Cisco ASA and FTD Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-20359
24 Apr 2024 — A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a file when it is read from system flash memory. An attac... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3734 – FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.8 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-3734
24 Apr 2024 — The FOX – Currency Switcher Professional for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 1.4.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what shortcode functionality they provide. El complemento FOX – Currency Switcher Professional para WooCommerce es vulnerable a la ejecución de códigos cortos arbitrarios no autenticados en v... • https://plugins.trac.wordpress.org/browser/woocommerce-currency-switcher/trunk/classes/woocs.php#L4154 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21979
https://notcve.org/view.php?id=CVE-2024-21979
23 Apr 2024 — An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. ... An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6012.html • CWE-787: Out-of-bounds Write •