CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22188
https://notcve.org/view.php?id=CVE-2024-22188
05 Mar 2024 — TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1. TYPO3 anterior a 13.0.1 permite a un usuario administrador autenticado (con privilegios de mantenimiento del sistema) ejecutar comandos de shell arbitrarios (con los priv... • https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27627
https://notcve.org/view.php?id=CVE-2024-27627
05 Mar 2024 — A reflected cross-site scripting (XSS) vulnerability exists in SuperCali version 1.1.0, allowing remote attackers to execute arbitrary JavaScript code via the email parameter in the bad_password.php page. Existe una vulnerabilidad Cross-Site Scripting Reflejado (XSS) en SuperCali versión 1.1.0, que permite a atacantes remotos ejecutar código JavaScript de su elección a través del parámetro email en la página bad_password.php. • https://packetstormsecurity.com/files/177254/SuperCali-1.1.0-Cross-Site-Scripting.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27622
https://notcve.org/view.php?id=CVE-2024-27622
05 Mar 2024 — A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated users with administrative privileges can inject and execute arbitrary PHP code. Se ha identificado una vulnerabilidad de ejecución remota de código en el módulo Etiquetas definidas por el usuario de CMS Made Simple versión 2.2.19. Esta ... • https://github.com/capture0x/CMSMadeSimple • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24278
https://notcve.org/view.php?id=CVE-2024-24278
05 Mar 2024 — An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function. Un problema en el cliente de escritorio Teamwire Windows v.2.0.1 a v.2.4.0 permite a un atacante remoto obtener información confidencial a través de un payload manipula para la función de mensaje. • https://research.hisolutions.com/2020/08/web-vulnerabilities-are-coming-to-the-desktop-again-rces-and-other-vulnerabilities-in-teamwire • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0156
https://notcve.org/view.php?id=CVE-2024-0156
04 Mar 2024 — A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation. ... A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation. • https://www.dell.com/support/kbdoc/en-us/000222536/dsa-2024-032-security-update-for-dell-digital-delivery-for-a-buffer-overflow-vulnerability • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46708 – Wlan has a use after free vulnerability
https://notcve.org/view.php?id=CVE-2023-46708
04 Mar 2024 — in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-03.md • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7243 – Ethercat Zeek Plugin Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2023-7243
01 Mar 2024 — This could allow an attacker to cause arbitrary code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-02 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7244 – Ethercat Zeek Plugin Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2023-7244
01 Mar 2024 — This could allow an attacker to cause arbitrary code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-02 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-25293
https://notcve.org/view.php?id=CVE-2024-25293
01 Mar 2024 — mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute. Se descubrió que las versiones 3.0.4 y 3.1.0-beta de mjml-app contienen una ejecución remota de código (RCE) a través del atributo href. • https://github.com/EQSTLab/CVE-2024-25293 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2016 – ZhiCms setcontroller.php index code injection
https://notcve.org/view.php?id=CVE-2024-2016
29 Feb 2024 — The manipulation of the argument sitename leads to code injection. ... Durch Manipulation des Arguments sitename mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://gist.github.com/L1nyz-tel/e3ee6f3401a9d1c580be1a9b4a8afab5 • CWE-94: Improper Control of Generation of Code ('Code Injection') •