CVSS: 9.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10035 – Code Injection in BG-TEK's CoslatV3
https://notcve.org/view.php?id=CVE-2024-10035
Improper Control of Generation of Code ('Code Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection.This issue affects CoslatV3: through 3.1069. NOTE: The vendor was contacted and it was learned that the product is not supported. • https://www.usom.gov.tr/bildirim/tr-24-1814 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10761 – Umbraco CMS Dashboard frame cross site scripting
https://notcve.org/view.php?id=CVE-2024-10761
A vulnerability was found in Umbraco CMS 12.3.6. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. • https://vuldb.com/?ctiid.282930 https://vuldb.com/?id.282930 https://vuldb.com/?submit.427091 https://drive.google.com/file/d/1YoZgdlS3QT7Xu005j9RO-FFUT8RbB0Da/view?usp=sharing • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-707: Improper Neutralization •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-51329
https://notcve.org/view.php?id=CVE-2024-51329
A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. • https://github.com/idrsdev/agile-board/tree/main https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51329%20-%20Host%20Header%20Injection • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10263 – Tickera – WordPress Event Ticketing <= 3.5.4.4 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-10263
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/changeset/3179272/tickera-event-ticketing-system https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5e9249-9705-4cfa-9c8e-2e002190562b?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48050
https://notcve.org/view.php?id=CVE-2024-48050
In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this function, the line result = eval(s) poses a security risk as it can directly execute user-provided commands. En agentscope <=v0.0.4, el archivo agentscope\web\workstation\workflow_utils.py tiene la función is_callable_expression. Dentro de esta función, la línea result = eval(s) plantea un riesgo de seguridad, ya que puede ejecutar directamente comandos proporcionados por el usuario. • https://gist.github.com/AfterSnows/0ad9d233a9d2a5b7e6e5273e2e23508d https://rumbling-slice-eb0.notion.site/Unauthenticated-Remote-Code-Execution-via-The-use-of-eval-in-is_callable_expression-and-sanitize_nod-cd4ea6c576da4e0b965ef596855c298d • CWE-94: Improper Control of Generation of Code ('Code Injection') •