CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20743 – Adobe Substance 3D Paint PSD Parsing Out-Of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-20743
15 Feb 2024 — Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20740 – Adobe Substance 3D Paint PSD Parsing Out-Of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-20740
15 Feb 2024 — Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20741 – Adobe Substance 3D Paint ICO Parsing Access Violation Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-20741
15 Feb 2024 — Substance3D - Painter versions 9.1.1 and earlier are affected by a Write-what-where Condition vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html • CWE-123: Write-what-where Condition CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20723 – Adobe Substance 3D Painter v9.0.1Build2822 Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2024-20723
15 Feb 2024 — Substance3D - Painter versions 9.1.1 and earlier are affected by a Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25502
https://notcve.org/view.php?id=CVE-2024-25502
15 Feb 2024 — Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component. Vulnerabilidad de Directory Traversal en flusity CMS v.2.4 permite a un atacante remoto ejecutar código arbitrario y obtener información confidencial a través del componente download_backup.php. • https://github.com/flusity/flusity-CMS/issues/10 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2023-6138
https://notcve.org/view.php?id=CVE-2023-6138
14 Feb 2024 — A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. • https://support.hp.com/us-en/document/ish_10167884-10167908-16/hpsbhf03915 •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1471 – HTML Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-1471
14 Feb 2024 — An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks. Existe una vulnerabilidad de inyección de HTML en la que un atacante remoto autenticado con privilegios de administrador en la aplicación Security Center podría modificar los parámetros del repositorio, lo que podría provocar ataques de redirección de HTML. • https://www.tenable.com/security/tns-2024-02 • CWE-20: Improper Input Validation •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24707 – WordPress Cwicly plugin <= 1.4.0.2 - Auth. Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-24707
14 Feb 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL. • https://patchstack.com/database/vulnerability/cwicly/wordpress-cwicly-plugin-1-4-0-2-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25918 – WordPress InstaWP Connect plugin <= 0.1.0.8 - Auth. Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-25918
14 Feb 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.8. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en InstaWP Team InstaWP Connect permite la inyección de código. Este problema afecta a InstaWP Connect: desde n/a hasta 0.1.0.8. The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up ... • https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-8-remote-code-execution-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-862: Missing Authorization •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 2CVE-2024-25301
https://notcve.org/view.php?id=CVE-2024-25301
14 Feb 2024 — Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php. Se descubrió que Redaxo v5.15.1 contiene una vulnerabilidad de ejecución remota de código (RCE) a través del componente /pages/templates.php. • https://github.com/WoodManGitHub/MyCVEs/blob/main/2024-REDAXO/RCE.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •