CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45873 – VegaBird Yaazhini 2.0.2 DLL Hijacking
https://notcve.org/view.php?id=CVE-2024-45873
A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe. VegaBird Yaazhini version 2.0.2 suffers from a dll hijacking vulnerability. • http://vegabird.com https://sploitus.com/exploit?id=PACKETSTORM:181912 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6051 – Cross Application Scripting in Redlink SDK
https://notcve.org/view.php?id=CVE-2024-6051
Redlink SDK in specific situations allows local code injection and to manipulate the view of a vulnerable application.This issue affects Redlink SDK versions through 1.13. • https://cert.pl/en/posts/2024/09/CVE-2024-6051 https://cert.pl/posts/2024/09/CVE-2024-6051 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-45200
https://notcve.org/view.php?id=CVE-2024-45200
In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session information via a malformed browse-reply packet, aka KartLANPwn. The victim is not required to join a game session with an attacker. The victim must open the "Wireless Play" (or "LAN Play") menu from the game's title screen, and an attacker nearby (LDN) or on the same LAN network as the victim can send a crafted reply packet to the victim's console. This enables a remote attacker to obtain complete denial-of-service on the game's process, or potentially, remote code execution on the victim's console. The issue is caused by incorrect use of the Nintendo Pia library, • https://github.com/latte-soft/kartlanpwn https://hackerone.com/reports/2611669 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47649 – WordPress Iconize plugin <= 1.2.4 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-47649
Unrestricted Upload of File with Dangerous Type vulnerability in THATplugin Iconize.This issue affects Iconize: from n/a through 1.2.4. Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en THATplugin Iconize. Este problema afecta a Iconize: desde n/a hasta 1.2.4. The Iconize plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/iconize/wordpress-iconize-plugin-1-2-4-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 58EXPL: 0CVE-2024-9324 – Intelbras InControl Relatório de Operadores Page operador code injection
https://notcve.org/view.php?id=CVE-2024-9324
The manipulation of the argument fields leads to code injection. ... Dank der Manipulation des Arguments fields mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://vuldb.com/?ctiid.278828 https://vuldb.com/?id.278828 https://vuldb.com/?submit.375614 https://youtu.be/UdZVktPUy8A • CWE-94: Improper Control of Generation of Code ('Code Injection') •