
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Feb 2024 — The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge into loading an unsafe DLL. • https://www.aveva.com/en/support-and-success/cyber-security-updates • CWE-427: Uncontrolled Search Path Element

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Feb 2024 — Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb24-07.html • CWE-416: Use After Free

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Feb 2024 — Enabling the Simple Ajax Uploader plugin included in the Laragon open-source software allows for a remote code execution (RCE) attack via improper input validation in a file_upload.php file, which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned plugin. • https://cert.pl/en/posts/2024/02/CVE-2024-0864 • CWE-20: Improper Input Validation • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Feb 2024 — An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL. • https://l3v3lforall.github.io/EpointWebBuilder_v5.x_VULN • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-233: Improper Handling of Parameters

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 Feb 2024 — An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place. • https://github.com/xF-9979/CVE-2024-24520 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Feb 2024 — An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via a crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework (that lives outside of the pdfmake application). Anyone installing this is responsible for ensuring that it is only available to authorized testers. • https://github.com/bpampuch/pdfmake/issues/2702 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 Feb 2024 — Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin. • https://github.com/EQSTLab/CVE-2024-25291 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 Feb 2024 — SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the id parameter in the student_form.php and the class_form.php pages. • https://github.com/geraldoalcantara/CVE-2023-51801 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Feb 2024 — SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 via tickettype and tprice parameters. • https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/ZooManagementSystem-SQL_Injection_Edit_Ticket.md • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Feb 2024 — Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar. • https://github.com/Agampreet-Singh/CVE-2024-25202 • CWE-94: Improper Control of Generation of Code ('Code Injection')