
CVSS: 6.5 EPSS: 0% CPEs: - EXPL: 1

The manipulation of the argument sitename leads to code injection. ... By manipulating the argument sitename with unknown data, a code injection vulnerability can be exploited. • https://gist.github.com/L1nyz-tel/e3ee6f3401a9d1c580be1a9b4a8afab5 https://vuldb.com/?ctiid.255270 https://vuldb.com/?id.255270 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.3 EPSS: 0% CPEs: - EXPL: 0

The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge into loading an unsafe DLL. • https://www.aveva.com/en/support-and-success/cyber-security-updates https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03 • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.8 EPSS: 0% CPEs: 1 EXPL: 0

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb24-07.html • CWE-416: Use After Free •

CVSS: 9.8 EPSS: 0% CPEs: 1 EXPL: 0

Enabling the Simple Ajax Uploader plugin included in the Laragon open-source software allows for a remote code execution (RCE) attack via improper input validation in a file_upload.php file which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned plugin. • https://cert.pl/en/posts/2024/02/CVE-2024-0864 https://cert.pl/posts/2024/02/CVE-2024-0864 https://laragon.org • CWE-20: Improper Input Validation • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8 EPSS: 0% CPEs: - EXPL: 1

SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the id parameter in the student_form.php and the class_form.php pages. • https://github.com/geraldoalcantara/CVE-2023-51801 • CWE-94: Improper Control of Generation of Code ('Code Injection') •