CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47180 – Shields.io Remote Code Execution vulnerability in Dynamic JSON/TOML/YAML badges
https://notcve.org/view.php?id=CVE-2024-47180
26 Sep 2024 — Shields.io and users self-hosting their own instance of shields using version < `server-2024-09-25` are vulnerable to a remote execution vulnerability via the JSONPath library used by the Dynamic JSON/Toml/Yaml badges. This vulnerability would allow any user with access to make a request to a URL on the instance to the ability to execute code by crafting a malicious JSONPath expression. • https://github.com/badges/shields/commit/ec1b6c8daccda075403c1688ac02603f7aaa50b2 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47169 – Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
https://notcve.org/view.php?id=CVE-2024-47169
26 Sep 2024 — A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. • https://github.com/agnaistic/agnai/security/advisories/GHSA-mpch-89gm-hm83 • CWE-35: Path Traversal: '.../...//' CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39577
https://notcve.org/view.php?id=CVE-2024-39577
26 Sep 2024 — A low privileged attacker with remote access could potentially exploit this vulnerability leading to code execution. • https://www.dell.com/support/kbdoc/en-us/000228976/dsa-2024-274-security-update-for-dell-networking-os10-vulnerabilities • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-49038
https://notcve.org/view.php?id=CVE-2022-49038
26 Sep 2024 — Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_10 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9250 – Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9250
26 Sep 2024 — Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attacker can... • https://www.foxit.com/support/security-bulletins.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9252 – Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9252
26 Sep 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. An attacker can leverage this in conjunction with other vulnerabilities to execute
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9251 – Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9251
26 Sep 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. An attacker can leverage this in conjunction with other vulnerabilities to execute
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9255 – Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9255
26 Sep 2024 — Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attacker c... • https://www.foxit.com/support/security-bulletins.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9249 – Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9249
26 Sep 2024 — Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An ... • https://www.foxit.com/support/security-bulletins.html • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9253 – Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9253
26 Sep 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. An attacker can leverage this in conjunction with other vulnerabilities to execute