CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-9472
https://notcve.org/view.php?id=CVE-2018-9472
20 Nov 2024 — This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. • https://source.android.com/security/bulletin/2018-09-01 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-11491 – 115cms useradmin.html cross site scripting
https://notcve.org/view.php?id=CVE-2024-11491
20 Nov 2024 — A vulnerability was found in 115cms up to 20240807. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php/admin/web/useradmin.html. The manipulation of the argument ks leads to cross site scripting. The attack may be launched remotely. • https://github.com/Hebing123/cve/issues/70 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11490 – 115cms set.html cross site scripting
https://notcve.org/view.php?id=CVE-2024-11490
20 Nov 2024 — A vulnerability was found in 115cms up to 20240807. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php/admin/web/set.html. The manipulation of the argument type leads to cross site scripting. The attack can be launched remotely. • https://github.com/Hebing123/cve/issues/70 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-11489 – 115cms file.html cross site scripting
https://notcve.org/view.php?id=CVE-2024-11489
20 Nov 2024 — A vulnerability was found in 115cms up to 20240807. It has been classified as problematic. Affected is an unknown function of the file /index.php/admin/web/file.html. The manipulation of the argument ks leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/Hebing123/cve/issues/70 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-11488 – 115cms web_user.html cross site scripting
https://notcve.org/view.php?id=CVE-2024-11488
20 Nov 2024 — A vulnerability was found in 115cms up to 20240807 and classified as problematic. This issue affects some unknown processing of the file /app/admin/view/web_user.html. The manipulation of the argument ks leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hebing123/cve/issues/70 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10094
https://notcve.org/view.php?id=CVE-2024-10094
20 Nov 2024 — Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code Las versiones 6.x a Infinity 24.1.1 de Pega Platform se ven afectadas por un problema con el control inadecuado de la generación de código • https://support.pega.com/support-doc/pega-security-advisory-d24-vulnerability-remediation-note • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11495 – Buffer overflow in OllyDbg
https://notcve.org/view.php?id=CVE-2024-11495
20 Nov 2024 — Buffer overflow vulnerability in OllyDbg, version 1.10, which could allow a local attacker to execute arbitrary code due to lack of proper bounds checking. • https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-ollydbg • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10382 – Arbitrary Code execution in Car App Android Jetpack Library
https://notcve.org/view.php?id=CVE-2024-10382
20 Nov 2024 — There exists a code execution vulnerability in the Car App Android Jetpack Library. There exists a code execution vulnerability in the Car App Android Jetpack Library. ... In combination with other gadgets, this can lead to arbitrary code execution. In combination with other gadgets, this can lead to arbitrary code execution. ... This can lead to arbitrary code execution when combined with specific Java deserializatio... • https://developer.android.com/jetpack/androidx/releases/car-app#1.7.0-beta03 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-52769
https://notcve.org/view.php?id=CVE-2024-52769
20 Nov 2024 — An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. • https://co-a1natas.feishu.cn/docx/Zsd9dnGUvoBW6tx0G5fcVx6vnBb • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52490 – WordPress Pathomation plugin <= 2.5.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52490
20 Nov 2024 — The Pathomation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.5.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/pathomation/vulnerability/wordpress-pathomation-plugin-2-5-1-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •