CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22988
https://notcve.org/view.php?id=CVE-2024-22988
23 Feb 2024 — An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component. Un problema en zkteco zkbio WDMS v.8.0.5 permite a un atacante ejecutar código arbitrario a través del componente /files/backup/. • https://gist.github.com/whiteman007/b50a9b64007a5d7bcb7a8bee61d2cb47 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-0220 – B&R products use insufficient communication encryption
https://notcve.org/view.php?id=CVE-2024-0220
22 Feb 2024 — B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. B&R Automation Studio Upgrade Service y B&R Technology Guarding utilizan criptografía insuficiente para la comunicación con la actualización y los servidores de licencias. Un atacante basado en la red podría aprovechar la vu... • https://www.br-automation.com/fileadmin/SA23P019_Automation_Studio_Upgrade_Service_uses_insufficient_encryption.pdf-1b3b181c.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-311: Missing Encryption of Sensitive Data CWE-319: Cleartext Transmission of Sensitive Information CWE-326: Inadequate Encryption Strength CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-26483
https://notcve.org/view.php?id=CVE-2024-26483
22 Feb 2024 — An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file. Una vulnerabilidad de carga de archivos arbitrarios en el módulo Imagen de perfil de Kirby CMS v4.1.0 permite a los atacantes ejecutar código arbitrario a través de un archivo PDF manipulado. • https://github.com/getkirby/kirby/security/advisories/GHSA-xrvh-rvc4-5m43 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1705 – Shopwind Installation DefaultController.php actionCreate code injection
https://notcve.org/view.php?id=CVE-2024-1705
21 Feb 2024 — The manipulation leads to code injection. ... Durch das Manipulieren mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://note.zhaoj.in/share/QHdXavkw5eDm • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 4CVE-2024-23346 – pymatgen arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
https://notcve.org/view.php?id=CVE-2024-23346
21 Feb 2024 — Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue. Pymatgen (Python Materials Genomics) es una librería Python de código abierto para ... • https://github.com/9carlo6/CVE-2024-23346 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2023-42843 – webkit: visiting a malicious website may lead to address bar spoofing
https://notcve.org/view.php?id=CVE-2023-42843
21 Feb 2024 — Nan Wang and Rushikesh Nandedkar discovered that processing maliciously crafted web content may lead to arbitrary code execution. • http://www.openwall.com/lists/oss-security/2024/03/26/1 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50975
https://notcve.org/view.php?id=CVE-2023-50975
21 Feb 2024 — The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). • https://gist.github.com/khronokernel/2598c067d0f49b0f0a4c8b01cf129d34 • CWE-276: Incorrect Default Permissions •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24333
https://notcve.org/view.php?id=CVE-2023-24333
21 Feb 2024 — A stack overflow vulnerability in Tenda AC21 with firmware version US_AC21V1.0re_V16.03.08.15_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/openSchedWifi. Una vulnerabilidad de desbordamiento en la región stack de la memoria en Tenda AC21 con la versión de firmware US_AC21V1.0re_V16.03.08.15_cn_TDC01 permite a los atacantes ejecutar comandos arbitrarios a través de una solicitud POST manipulada para /goform/openSchedWifi. • https://github.com/caoyebo/CVE/tree/main/TENDA%20AC21%20-%20CVE-2023-24333 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45177
https://notcve.org/view.php?id=CVE-2022-45177
21 Feb 2024 — An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search={NAME]+{SURNAME] endpoint, and the /login endpoint. The web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. Se descubrió un problema en LIVEBOX Collaboration vDesk hasta v031.... • https://www.gruppotim.it/it/footer/red-team.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-203: Observable Discrepancy •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21682
https://notcve.org/view.php?id=CVE-2024-21682
20 Feb 2024 — This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you ma... • https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •