CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-42041
https://notcve.org/view.php?id=CVE-2024-42041
The com.videodownload.browser.videodownloader (aka AppTool-Browser-Video All Video Downloader) application 20-30.05.24 for Android allows an attacker to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity component. • https://github.com/actuator/com.videodownload.browser.videodownloader/blob/main/CVE-2024-42041 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-48093
https://notcve.org/view.php?id=CVE-2024-48093
Unrestricted File Upload in the Discussions tab in Operately v.0.1.0 allows a privileged user to achieve Remote Code Execution via uploading and executing malicious files without validating file extensions or content types. • https://github.com/yamerooo123/CVE/blob/main/CVE-2024-48093/Description.md https://youtu.be/rCYIohrQdxM • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48112
https://notcve.org/view.php?id=CVE-2024-48112
A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. • https://github.com/nn0nkey/nn0nkey/blob/main/Thinkphp/CVE-2024-48112.md https://github.com/top-think/think • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-48214
https://notcve.org/view.php?id=CVE-2024-48214
KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, unauthenticated QR code and abuse one of the parameters, either SSID or PASSWORD, in the JSON data contained within the QR code. By that, the attacker can execute arbitrary code on the camera. • https://medium.com/%40shenhavmor/exploiting-a-chinese-camera-for-fun-cve-2024-48214-2d56848870c2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-48807
https://notcve.org/view.php?id=CVE-2024-48807
Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Management System v.1.0 allows a local attacker to execute arbitrary code via the search parameter. • https://medium.com/%40KrishnaChaganti/cross-site-scripting-xss-in-appointment-management-system-cve-2024-48807-0f7523be9fa2 https://phpgurukul.com/doctor-appointment-management-system-using-php-and-mysql • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •