CVE-2024-28396
https://notcve.org/view.php?id=CVE-2024-28396
An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component. • https://addons.prestashop.com/en/data-import-export/17596-orders-csv-excel-export-pro.html https://security.friendsofpresta.org/modules/2024/03/14/ordersexport.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-29027 – Parse Server crash and RCE via invalid Cloud Function or Cloud Job name
https://notcve.org/view.php?id=CVE-2024-29027
Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulation or remote code execution. • https://github.com/parse-community/parse-server/commit/5ae6d6a36d75c4511029f0ba5673ae4b2999179b https://github.com/parse-community/parse-server/commit/9f6e3429d3b326cf4e2994733c618d08032fac6e https://github.com/parse-community/parse-server/releases/tag/6.5.5 https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.29 https://github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2024-26064 – Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-26064
This could result in arbitrary code execution in the context of the victim's browser. • https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-26044 – Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-26044
This could result in arbitrary code execution in the context of the victim's browser. • https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-26042 – Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2024-26042
This could result in arbitrary code execution in the context of the victim's browser. • https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •