CVSS: 6.1EPSS: 0%CPEs: -EXPL: 1CVE-2024-25202
https://notcve.org/view.php?id=CVE-2024-25202
Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar. Vulnerabilidad de cross-site scripting en Phpgurukul User Registration & Login y User Management System 1.0 permite a los atacantes ejecutar código arbitrario a través de la barra de búsqueda. • https://github.com/Agampreet-Singh/CVE-2024-25202 https://drive.google.com/file/d/1oMNcChsXPMP9pu9lIE2C11n8mzkmLhcY/view https://medium.com/%40agampreetsingh_93704/cve-2024-25202-discover-by-agampreet-singh-cyber-security-expert-ff8e32f5cf52 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50379 – Apache Ambari: authenticated users could perform command injection to perform RCE
https://notcve.org/view.php?id=CVE-2023-50379
Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host. • http://www.openwall.com/lists/oss-security/2024/02/27/1 https://lists.apache.org/thread/jglww6h6ngxpo1r6r5fx7ff7z29lnvv8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-1885 – Remote Code Execution attack on LG Signage
https://notcve.org/view.php?id=CVE-2024-1885
This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG Signage. Esta vulnerabilidad permite a atacantes remotos ejecutar código arbitrario en el webOS afectado de LG Signage TV. • https://lgsecurity.lge.com/bulletins/idproducts#updateDetails • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27191 – WordPress Slivery Extender plugin <= 1.0.2 - Auth. Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-27191
Improper Control of Generation of Code ('Code Injection') vulnerability in Inpersttion Slivery Extender allows Code Injection.This issue affects Slivery Extender: from n/a through 1.0.2. • https://patchstack.com/database/vulnerability/slivery-extender/wordpress-slivery-extender-plugin-1-0-2-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-22988
https://notcve.org/view.php?id=CVE-2024-22988
An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component. Un problema en zkteco zkbio WDMS v.8.0.5 permite a un atacante ejecutar código arbitrario a través del componente /files/backup/. • https://gist.github.com/whiteman007/b50a9b64007a5d7bcb7a8bee61d2cb47 https://www.vicarius.io/vsociety/posts/revealing-cve-2024-22988-a-unique-dive-into-exploiting-access-control-gaps-in-zkbio-wdms-uncover-the-untold-crafted-for-beginners-with-a-rare-glimpse-into-pentesting-strategies https://zkteco.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •