CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-33698
https://notcve.org/view.php?id=CVE-2024-33698
This could allow an unauthenticated remote attacker to execute arbitrary code. ... This could allow an unauthenticated remote attacker to execute arbitrary code. • https://cert-portal.siemens.com/productcert/html/ssa-039007.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 2.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8258 – Insecure Electron Fuses in Logitech Options Plus Allowing Arbitrary Code Execution on macOS
https://notcve.org/view.php?id=CVE-2024-8258
Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration. • https://www.electronjs.org/docs/latest/tutorial/fuses https://nvd.nist.gov/vuln/detail/CVE-2023-50643 https://nvd.nist.gov/vuln/detail/CVE-2023-49314 https://github.com/r3ggi/electroniz3r • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-44871
https://notcve.org/view.php?id=CVE-2024-44871
An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file. • https://github.com/moziloDasEinsteigerCMS/mozilo3.0 https://github.com/sec-fortress/Exploits/tree/main/CVE-2024-44871 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-44676
https://notcve.org/view.php?id=CVE-2024-44676
eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java. • https://github.com/jcxj/jcxj/blob/master/source/_posts/eladmin-%E5%A4%8D%E7%8E%B0.md https://github.com/elunez/eladmin • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 1CVE-2024-34831 – GibbonEdu Core 26.0.00 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-34831
cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component. • https://github.com/enzored/CVE-2024-34831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •