CVSS: 4.4EPSS: 0%CPEs: -EXPL: 1CVE-2024-2537 – Electron Code Injection in Logi Tune macOS Application
https://notcve.org/view.php?id=CVE-2024-2537
Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion. La vulnerabilidad del control inadecuado de los recursos de código administrados dinámicamente en Logitech Logi Tune en MacOS permite la inclusión de código local. • https://github.com/ewilded/CVE-2024-25376-POC https://hackerone.com/reports/2376663 • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2497 – RaspAP raspap-webgui HTTP POST Request provider.php code injection
https://notcve.org/view.php?id=CVE-2024-2497
The manipulation of the argument country leads to code injection. ... Durch die Manipulation des Arguments country mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://toradah.notion.site/Code-Injection-Leading-to-Remote-Code-Execution-RCE-in-RaspAP-Web-GUI-d321e1a416694520bec7099253c65060? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-27756
https://notcve.org/view.php?id=CVE-2024-27756
GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title. Un problema en GLPI v.10.0.12 y anteriores permite a un atacante remoto ejecutar código arbitrario, escalar privilegios y obtener información confidencial a través de un script manipulado en el campo de título. • https://medium.com/%40cristiansindile/formula-injection-in-glpi-cve-2024-27756-3649c7cca092 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28424
https://notcve.org/view.php?id=CVE-2024-28424
zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file. Se descubrió que zenml v0.55.4 contenía una vulnerabilidad de carga de archivos arbitraria en la función de carga en /materializers/cloudpickle_materializer.py. Esta vulnerabilidad permite a los atacantes ejecutar código arbitrario cargando un archivo manipulado. • https://github.com/bayuncao/vul-cve-18 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22167 – SanDisk PrivateAccess DLL Hijacking Vulnerability
https://notcve.org/view.php?id=CVE-2024-22167
A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user. • https://www.westerndigital.com/support/product-security/wdc-24002-sandisk-privateaccess-desktop-app-v-6-4-11 • CWE-427: Uncontrolled Search Path Element •