CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31380 – WordPress Oxygen plugin <= 4.9 - Authenticated Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-31380
03 Apr 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.This issue affects Oxygen Builder: from n/a through 4.8.3. ... Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. • https://patchstack.com/database/vulnerability/oxygen/wordpress-oxygen-plugin-4-8-1-auth-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: -EXPL: 1CVE-2024-31390 – WordPress Breakdance plugin <= 1.7.2 - Authenticated Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-31390
03 Apr 2024 — : Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows : Code Injection.This issue affects Breakdance: from n/a through 1.7.2. • https://patchstack.com/articles/unpatched-authenticated-rce-in-oxygen-and-breakdance-builder?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30568
https://notcve.org/view.php?id=CVE-2024-30568
03 Apr 2024 — Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter. Se descubrió que Netgear R6850 1.1.0.88 contiene una vulnerabilidad de inyección de comandos a través del parámetro c4-IPAddr. • https://github.com/funny-mud-peee/IoT-vuls/blob/main/netgear%20R6850/Netgear-R6850%20V1.1.0.88%20Command%20Injection%28ping_test%29.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31011
https://notcve.org/view.php?id=CVE-2024-31011
03 Apr 2024 — Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php. Vulnerabilidad de escritura arbitraria en archivos en beescms v.4.0, permite a un atacante remoto ejecutar código arbitrario a través de una ruta de archivo que no estaba aislada y el sufijo no estaba verificado en admin_template.php. • https://github.com/ss122-0ss/beescms/blob/main/readme.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27705
https://notcve.org/view.php?id=CVE-2024-27705
03 Apr 2024 — Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint. La vulnerabilidad de Cross Site Scripting en Leantime v3.0.6 permite a los atacantes ejecutar código arbitrario mediante la carga de un archivo PDF manipulado en el endpoint de archivos/exploración. • https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-27705 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 92%CPEs: 2EXPL: 4CVE-2024-2389 – Flowmon Unauthenticated Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-2389
02 Apr 2024 — In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands. En las versiones de Flowmon anteriores a la 11.1.14 y 12.3.5, se identificó una vulnerabilidad de inyección de comandos del sistema operativo. Un usuario no autenticado puede acceder al sistema a través de la interfaz de administración de Flo... • https://packetstorm.news/files/id/178849 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-51456
https://notcve.org/view.php?id=CVE-2023-51456
02 Apr 2024 — A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into the process memory through a crafted payload due to a missing input sanity check in the v2_pack_array_to_msg function implemented in the libv2_sdk.so library imported by the v2_sdk_service binary implementing the service, potentially leading to a memory information leak or an arbitrary code execution. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51456 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-51455
https://notcve.org/view.php?id=CVE-2023-51455
02 Apr 2024 — A Improper Validation of Array Index issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to corrupt a controlled memory location due to a missing input validation in the on_receive_session_packet_ack function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, potentially leading to a memory information leak or to an arbitrary code execution. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51455 • CWE-129: Improper Validation of Array Index •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-51454
https://notcve.org/view.php?id=CVE-2023-51454
02 Apr 2024 — A Out-of-bounds Write issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process memory through a crafted payload triggering an unsafe memory write operation in the my_tcp_receive function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, potentially leading to a memory information leak or to an arbitrary code execution. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51454 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28951 – Arkcompiler runtime has a use after free vulnerability
https://notcve.org/view.php?id=CVE-2024-28951
02 Apr 2024 — in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-04.md • CWE-416: Use After Free •