
CVSS: 9.8 | EPSS: 0% | CPEs: - | EXPL: 0

An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via a crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework (that lives outside of the pdfmake application). Anyone installing this is responsible for ensuring that it is only available to authorized testers.
• https://github.com/bpampuch/pdfmake/issues/2702 https://github.com/joaoviictorti/My-CVES/blob/main/CVE-2024-25180/README.md https://security.snyk.io/vuln/SNYK-JS-PDFMAKE-6347243 https://www.youtube.com/watch?v=QcOlrWUGo6o
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: - | EXPL: 0

SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 via tickettype and tprice parameters.
• https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/ZooManagementSystem-SQL_Injection_Edit_Ticket.md
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.1 | EPSS: 0% | CPEs: - | EXPL: 1

Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar.
• https://github.com/Agampreet-Singh/CVE-2024-25202 https://drive.google.com/file/d/1oMNcChsXPMP9pu9lIE2C11n8mzkmLhcY/view https://medium.com/%40agampreetsingh_93704/cve-2024-25202-discover-by-agampreet-singh-cyber-security-expert-ff8e32f5cf52
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Malicious code injection in Apache Ambari in versions prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain root on the cluster main host.
• http://www.openwall.com/lists/oss-security/2024/02/27/1 https://lists.apache.org/thread/jglww6h6ngxpo1r6r5fx7ff7z29lnvv8
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.3 | EPSS: 0% | CPEs: - | EXPL: 0

This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG Signage.
• https://lgsecurity.lge.com/bulletins/idproducts#updateDetails
• CWE-94: Improper Control of Generation of Code ('Code Injection')