CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2497 – RaspAP raspap-webgui HTTP POST Request provider.php code injection
https://notcve.org/view.php?id=CVE-2024-2497
The manipulation of the argument country leads to code injection. ... Durch die Manipulation des Arguments country mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://toradah.notion.site/Code-Injection-Leading-to-Remote-Code-Execution-RCE-in-RaspAP-Web-GUI-d321e1a416694520bec7099253c65060? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-27756
https://notcve.org/view.php?id=CVE-2024-27756
GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title. Un problema en GLPI v.10.0.12 y anteriores permite a un atacante remoto ejecutar código arbitrario, escalar privilegios y obtener información confidencial a través de un script manipulado en el campo de título. • https://medium.com/%40cristiansindile/formula-injection-in-glpi-cve-2024-27756-3649c7cca092 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-28424
https://notcve.org/view.php?id=CVE-2024-28424
zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file. Se descubrió que zenml v0.55.4 contenía una vulnerabilidad de carga de archivos arbitraria en la función de carga en /materializers/cloudpickle_materializer.py. Esta vulnerabilidad permite a los atacantes ejecutar código arbitrario cargando un archivo manipulado. • https://github.com/bayuncao/vul-cve-18 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22167 – SanDisk PrivateAccess DLL Hijacking Vulnerability
https://notcve.org/view.php?id=CVE-2024-22167
A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user. • https://www.westerndigital.com/support/product-security/wdc-24002-sandisk-privateaccess-desktop-app-v-6-4-11 • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-27972 – WordPress WP Fusion Lite plugin <= 3.41.24 - Auth. Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-27972
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Very Good Plugins WP Fusion Lite allows Command Injection.This issue affects WP Fusion Lite: from n/a through 3.41.24. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando ("Inyección de comando") en Very Good Plugins WP Fusion Lite permite la inyección de comando. Este problema afecta a WP Fusion Lite: desde n/a hasta 3.41.24. The WP Fusion Lite – Marketing Automation and CRM Integration for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.41.24. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server. • https://github.com/truonghuuphuc/CVE-2024-27972-Poc https://patchstack.com/database/vulnerability/wp-fusion-lite/wordpress-wp-fusion-lite-plugin-3-41-24-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •