CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43799 – send vulnerable to template injection that can lead to XSS
https://notcve.org/view.php?id=CVE-2024-43799
This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function. • https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35 https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg https://access.redhat.com/security/cve/CVE-2024-43799 https://bugzilla.redhat.com/show_bug.cgi?id=2311153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-33698
https://notcve.org/view.php?id=CVE-2024-33698
This could allow an unauthenticated remote attacker to execute arbitrary code. ... This could allow an unauthenticated remote attacker to execute arbitrary code. • https://cert-portal.siemens.com/productcert/html/ssa-039007.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 2.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8258 – Insecure Electron Fuses in Logitech Options Plus Allowing Arbitrary Code Execution on macOS
https://notcve.org/view.php?id=CVE-2024-8258
Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration. • https://www.electronjs.org/docs/latest/tutorial/fuses https://nvd.nist.gov/vuln/detail/CVE-2023-50643 https://nvd.nist.gov/vuln/detail/CVE-2023-49314 https://github.com/r3ggi/electroniz3r • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-44871
https://notcve.org/view.php?id=CVE-2024-44871
An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file. • https://github.com/moziloDasEinsteigerCMS/mozilo3.0 https://github.com/sec-fortress/Exploits/tree/main/CVE-2024-44871 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-44676
https://notcve.org/view.php?id=CVE-2024-44676
eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java. • https://github.com/jcxj/jcxj/blob/master/source/_posts/eladmin-%E5%A4%8D%E7%8E%B0.md https://github.com/elunez/eladmin • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •