
CVE-2024-26362
https://notcve.org/view.php?id=CVE-2024-26362
10 Apr 2024 — HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of a crafted note. • https://packetstormsecurity.com/files/177075/Enpass-Desktop-Application-6.9.2-HTML-Injection.html • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-31819 – AVideo WWBNIndex Plugin Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-31819
10 Apr 2024 — An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component. • https://packetstorm.news/files/id/178659 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-29500
https://notcve.org/view.php?id=CVE-2024-29500
10 Apr 2024 — An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code by running a ClickOnce application instance. • https://www.drive-byte.de/en/blog/inteset-bugs-and-hardening • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-3446 – Qemu: virtio: dma reentrancy issue leads to double free vulnerability
https://notcve.org/view.php?id=CVE-2024-3446
09 Apr 2024 — This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service, or allow arbitrary code execution within the context of the QEMU process on the host. • https://github.com/Toxich4/CVE-2024-34469 • CWE-415: Double Free

CVE-2024-31457 – gin-vue-admin background arbitrary code coverage vulnerability
https://notcve.org/view.php?id=CVE-2024-31457
09 Apr 2024 — gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. • https://github.com/flipped-aurora/gin-vue-admin/commit/b1b7427c6ea6c7a027fa188c6be557f3795e732b • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2024-31866 – Apache Zeppelin: Interpreter download command does not escape malicious code injection
https://notcve.org/view.php?id=CVE-2024-31866
09 Apr 2024 — Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Attackers can execute shell scripts or malicious code by overriding configuration such as ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. • http://www.openwall.com/lists/oss-security/2024/04/09/10 • CWE-116: Improper Encoding or Escaping of Output

CVE-2024-31864 – Apache Zeppelin: Remote code execution by adding malicious JDBC connection string
https://notcve.org/view.php?id=CVE-2024-31864
09 Apr 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. ... • http://www.openwall.com/lists/oss-security/2024/04/09/8 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2023-45590
https://notcve.org/view.php?id=CVE-2023-45590
09 Apr 2024 — An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows an attacker to execute unauthorized code or commands by tricking a FortiClientLinux user into visiting a malicious website. • https://fortiguard.com/psirt/FG-IR-23-087 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-31807
https://notcve.org/view.php?id=CVE-2024-31807
08 Apr 2024 — TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function. • https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/EX200/CI_2_NTPSyncWithHost/CI.md • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-31022
https://notcve.org/view.php?id=CVE-2024-31022
08 Apr 2024 — An issue was discovered in CandyCMS version 1.0.0 that allows remote attackers to execute arbitrary code via the install.php component. • https://www.xuxblog.top/2024/03/25/CandyCMS-Pre-Auth-RCE • CWE-94: Improper Control of Generation of Code ('Code Injection')