CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20739 – ZDI-CAN-22647: Adobe Audition AVI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20739
Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/audition/apsb24-11.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-20728 – ZDI-CAN-22727: Adobe Acrobat Pro DC Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20728
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb24-07.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 13CVE-2024-25600 – WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-25600
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6. • https://github.com/K3ysTr0K3R/CVE-2024-25600-EXPLOIT https://github.com/gobysec/GobyVuls https://github.com/gobysec/Goby https://github.com/hy011121/CVE-2024-25600-wordpress-Exploit-RCE https://github.com/ivanbg2004/0BL1V10N-CVE-2024-25600-Bricks-Builder-plugin-for-WordPress https://github.com/Tornad0007/CVE-2024-25600-Bricks-Builder-plugin-for-WordPress https://github.com/X-Projetion/WORDPRESS-CVE-2024-25600-EXPLOIT-RCE https://github.com/Chocapikk/CVE-2024-25600 https://github.com/wh6amiGit • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1273 – Starbox < 3.5.0 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-1273
The Starbox WordPress plugin before 3.5.0 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks El complemento Starbox de WordPress anterior a 3.5.0 no sanitiza ni escapa a algunos parámetros, lo que podría permitir a usuarios con un rol tan bajo como Colaborador realizar ataques de cross-site scripting The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/9784d7c8-e3aa-42af-ace8-5b2b37ebc9cb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-42374
https://notcve.org/view.php?id=CVE-2023-42374
An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component. Un problema en mystenlabs Sui Blockchain anterior a v.1.6.3 permite a un atacante remoto ejecutar código arbitrario y provocar una denegación de servicio a través de un script comprimido manipulado para el componente del nodo Sui. • https://beosin.com/resources/%22memory-bomb%22-vulnerability-causes-sui-node-to-crash?lang=en-US https://github.com/MystenLabs/sui/commit/42d4ad103a21d23fecd7c0271453da41604e71e9 https://medium.com/%40Beosin_com/memory-bomb-vulnerability-causes-sui-node-to-crash-7e8e3ef5057c • CWE-94: Improper Control of Generation of Code ('Code Injection') •