CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45735 – Westermo Lynx Code Injection
https://notcve.org/view.php?id=CVE-2023-45735
06 Feb 2024 — A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device. Un potencial atacante con acceso al dispositivo Westermo Lynx podría ejecutar código malicioso que podría afectar el correcto funcionamiento del dispositivo. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24577 – libgit2 is vulnerable to arbitrary code execution due to heap corruption in `git_index_add`
https://notcve.org/view.php?id=CVE-2024-24577
06 Feb 2024 — Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. ... Depending on the application that uses libgit2, this could lead to arbitrary code execution. • https://github.com/libgit2/libgit2/releases/tag/v1.6.5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2024-0684 – Coreutils: heap overflow in split --line-bytes with very long lines
https://notcve.org/view.php?id=CVE-2024-0684
06 Feb 2024 — A vulnerability has been discovered in Coreutils, which can lead to a heap buffer overflow and possibly arbitrary code execution. • https://github.com/Valentin-Metz/writeup_split • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-22514
https://notcve.org/view.php?id=CVE-2024-22514
06 Feb 2024 — An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file. Un problema descubierto en iSpyConnect.com Agent DVR 5.1.6.0 permite a los atacantes ejecutar archivos arbitrarios restaurando un archivo de copia de seguridad manipulado. • https://github.com/Orange-418/AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5800 – Insufficient input validation in VAPIX API create_overlay.cgi
https://notcve.org/view.php?id=CVE-2023-5800
05 Feb 2024 — Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. Vintage, miembro del programa AXIS OS Bug Bounty, descubrió ... • https://www.axis.com/dam/public/89/d9/99/cve-2023-5800-en-US-424339.pdf • .//' CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 22EXPL: 0CVE-2023-5677 – Insufficient input validation in VAPIX API tcptext.cgi
https://notcve.org/view.php?id=CVE-2023-5677
05 Feb 2024 — Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Ax... • https://www.axis.com/dam/public/a9/dd/f1/cve-2023-5677-en-US-424335.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24874 – WordPress Polls CP plugin <= 1.0.71 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-24874
05 Feb 2024 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in CodePeople CP Polls allows Code Injection.This issue affects CP Polls: from n/a through 1.0.71. La neutralización incorrecta de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en CodePeople CP Polls permite la inyección de código. Este problema afecta a CP Polls: desde n/a hasta 1.0.71. The Polls CP plugin for WordPress is vulnerable to content injection in all versions up ... • https://patchstack.com/database/vulnerability/cp-polls/wordpress-polls-cp-plugin-1-0-71-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24469
https://notcve.org/view.php?id=CVE-2024-24469
05 Feb 2024 — Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php. Vulnerabilidad de Cross Site Request Forgery en flusity-CMS v.2.33 permite a un atacante remoto ejecutar código arbitrario a través de delete_post .php. • https://github.com/tang-0717/cms/blob/main/2.md • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2024-24396
https://notcve.org/view.php?id=CVE-2024-24396
05 Feb 2024 — Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component. Vulnerabilidad de Cross Site Scripting en Stimulsoft GmbH Stimulsoft Dashboard.JS anterior a v.2024.1.2 permite a un atacante remoto ejecutar código arbitrario a través de un payload diseñado en el componente de la barra de búsqueda. • https://github.com/trustcves/CVE-2024-24396 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25089
https://notcve.org/view.php?id=CVE-2024-25089
04 Feb 2024 — Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes. Malwarebytes Binisoft Windows Firewall Control anterior a 6.9.9.2 permite a atacantes remotos ejecutar código arbitrario a través de canalizaciones con nombre gRPC. • https://hackerone.com/reports/2300061 • CWE-94: Improper Control of Generation of Code ('Code Injection') •