CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27191 – WordPress Slivery Extender plugin <= 1.0.2 - Auth. Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-27191
Improper Control of Generation of Code ('Code Injection') vulnerability in Inpersttion Slivery Extender allows Code Injection.This issue affects Slivery Extender: from n/a through 1.0.2. • https://patchstack.com/database/vulnerability/slivery-extender/wordpress-slivery-extender-plugin-1-0-2-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-22988
https://notcve.org/view.php?id=CVE-2024-22988
An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component. Un problema en zkteco zkbio WDMS v.8.0.5 permite a un atacante ejecutar código arbitrario a través del componente /files/backup/. • https://gist.github.com/whiteman007/b50a9b64007a5d7bcb7a8bee61d2cb47 https://www.vicarius.io/vsociety/posts/revealing-cve-2024-22988-a-unique-dive-into-exploiting-access-control-gaps-in-zkbio-wdms-uncover-the-untold-crafted-for-beginners-with-a-rare-glimpse-into-pentesting-strategies https://zkteco.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-0220 – B&R products use insufficient communication encryption
https://notcve.org/view.php?id=CVE-2024-0220
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. B&R Automation Studio Upgrade Service y B&R Technology Guarding utilizan criptografía insuficiente para la comunicación con la actualización y los servidores de licencias. Un atacante basado en la red podría aprovechar la vulnerabilidad para ejecutar código arbitrario en los productos o rastrear datos confidenciales. Falta de cifrado de datos confidenciales, transmisión de texto plano de información confidencial, control inadecuado de la generación de código ("inyección de código"), vulnerabilidad de fuerza de cifrado inadecuada en B&R Industrial Automation B&R Automation Studio (módulos de servicio de actualización), B&R Industrial Automation Technology Guarding.Este problema afecta a B&R Automation Studio: <4,6; Protección de tecnología: <1.4.0. • https://www.br-automation.com/fileadmin/SA23P019_Automation_Studio_Upgrade_Service_uses_insufficient_encryption.pdf-1b3b181c.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-311: Missing Encryption of Sensitive Data CWE-319: Cleartext Transmission of Sensitive Information CWE-326: Inadequate Encryption Strength CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-26483
https://notcve.org/view.php?id=CVE-2024-26483
An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file. Una vulnerabilidad de carga de archivos arbitrarios en el módulo Imagen de perfil de Kirby CMS v4.1.0 permite a los atacantes ejecutar código arbitrario a través de un archivo PDF manipulado. • https://github.com/getkirby/kirby/security/advisories/GHSA-xrvh-rvc4-5m43 https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Unrestricted-File-Upload-dc60ce3132f04442b73f2dba2631fae0?pvs=4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.6EPSS: 0%CPEs: -EXPL: 1CVE-2024-1705 – Shopwind Installation DefaultController.php actionCreate code injection
https://notcve.org/view.php?id=CVE-2024-1705
The manipulation leads to code injection. ... Durch das Manipulieren mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://note.zhaoj.in/share/QHdXavkw5eDm https://vuldb.com/?ctiid.254393 https://vuldb.com/?id.254393 • CWE-94: Improper Control of Generation of Code ('Code Injection') •