CVSS: 4.6EPSS: 0%CPEs: -EXPL: 1CVE-2024-2537 – Electron Code Injection in Logi Tune macOS Application
https://notcve.org/view.php?id=CVE-2024-2537
15 Mar 2024 — Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion. La vulnerabilidad del control inadecuado de los recursos de código administrados dinámicamente en Logitech Logi Tune en MacOS permite la inclusión de código local. • https://github.com/ewilded/CVE-2024-25376-POC • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2497 – RaspAP raspap-webgui HTTP POST Request provider.php code injection
https://notcve.org/view.php?id=CVE-2024-2497
15 Mar 2024 — The manipulation of the argument country leads to code injection. ... Durch die Manipulation des Arguments country mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://toradah.notion.site/Code-Injection-Leading-to-Remote-Code-Execution-RCE-in-RaspAP-Web-GUI-d321e1a416694520bec7099253c65060? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27756
https://notcve.org/view.php?id=CVE-2024-27756
15 Mar 2024 — GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title. Un problema en GLPI v.10.0.12 y anteriores permite a un atacante remoto ejecutar código arbitrario, escalar privilegios y obtener información confidencial a través de un script manipulado en el campo de título. • https://medium.com/%40cristiansindile/formula-injection-in-glpi-cve-2024-27756-3649c7cca092 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28424
https://notcve.org/view.php?id=CVE-2024-28424
14 Mar 2024 — zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file. Se descubrió que zenml v0.55.4 contenía una vulnerabilidad de carga de archivos arbitraria en la función de carga en /materializers/cloudpickle_materializer.py. Esta vulnerabilidad permite a los atacantes ejecutar código arbitrario cargando un archivo manipulado. • https://github.com/bayuncao/vul-cve-18 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22167 – SanDisk PrivateAccess DLL Hijacking Vulnerability
https://notcve.org/view.php?id=CVE-2024-22167
13 Mar 2024 — A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user. • https://www.westerndigital.com/support/product-security/wdc-24002-sandisk-privateaccess-desktop-app-v-6-4-11 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20745 – ZDI-CAN-22671: Adobe Premiere Pro AVI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20745
13 Mar 2024 — Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/premiere_pro/apsb24-12.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-27972 – WordPress WP Fusion Lite plugin <= 3.41.24 - Auth. Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-27972
13 Mar 2024 — Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Very Good Plugins WP Fusion Lite allows Command Injection.This issue affects WP Fusion Lite: from n/a through 3.41.24. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando ("Inyección de comando") en Very Good Plugins WP Fusion Lite permite la inyección de comando. Este problema afecta a WP Fusion Lite: desde n/a hasta 3.41.24. The WP Fusion Lite – Marketing Automatio... • https://github.com/truonghuuphuc/CVE-2024-27972-Poc • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27951 – WordPress Multiple Page Generator Plugin <= 3.4.0 - Auth. Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-27951
13 Mar 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows Upload a Web Shell to a Web Server.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Themeisle Multiple Page Generator Plugin – MPG permite cargar un Shell web a un servidor web. Este problema afecta al complemento generador de páginas múltiples – MPG: desde n/a hasta 3.4.0. The Multip... • https://patchstack.com/database/vulnerability/multiple-pages-generator-by-porthas/wordpress-multiple-page-generator-plugin-3-4-0-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20752 – ZDI-CAN-22653: Adobe Bridge PS File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20752
13 Mar 2024 — Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/bridge/apsb24-15.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23300 – Apple Security Advisory 03-12-2024-1
https://notcve.org/view.php?id=CVE-2024-23300
12 Mar 2024 — Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. • http://seclists.org/fulldisclosure/2024/Mar/27 • CWE-416: Use After Free •