
CVSS: 8.8 | EPSS: 0% | CPEs: 22 | EXPL: 0

Brandon Rothel from QED Secure Solutions found that the VAPIX API tcptest.cgi did not have sufficient input validation, allowing for possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileged service accounts than with administrator-privileged ones. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and the solution.
• https://www.axis.com/dam/public/a9/dd/f1/cve-2023-5677-en-US-424335.pdf
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php.
• https://github.com/tang-0717/cms/blob/main/2.md
• CWE-94: Improper Control of Generation of Code ('Code Injection')
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in CodePeople CP Polls allows Code Injection. This issue affects CP Polls: from n/a through 1.0.71. The Polls CP plugin for WordPress is vulnerable to content injection in all versions up to, and including, 1.0.71. This is due to insufficient validation on poll answers.
• https://patchstack.com/database/vulnerability/cp-polls/wordpress-polls-cp-plugin-1-0-71-content-injection-vulnerability?_s_id=cve
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
• CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.
• https://github.com/trustcves/CVE-2024-24396
• http://stimulsoft.com
• https://cloud-trustit.spp.at/s/Pi78FFazHamJQ5R
• https://cves.at/posts/cve-2024-24396/writeup
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes.
• https://hackerone.com/reports/2300061
• https://www.binisoft.org/changelog.txt
• CWE-94: Improper Control of Generation of Code ('Code Injection')