CVSS: 8.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-34657
https://notcve.org/view.php?id=CVE-2024-34657
Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09 •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-34656
https://notcve.org/view.php?id=CVE-2024-34656
Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09 •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-44808
https://notcve.org/view.php?id=CVE-2024-44808
An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter. • https://github.com/Vypor/Vypors-Attack-API-System https://jacobmasse.medium.com/cve-2024-44808-remote-command-execution-in-vypor-ddos-attack-api-1ed073725595 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7627 – Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition
https://notcve.org/view.php?id=CVE-2024-7627
The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. ... This makes it possible for unauthenticated attackers to execute code on the server if an administrator has allowed Guest User read permissions. • https://plugins.trac.wordpress.org/browser/file-manager/trunk/backend/app/Providers/FileEditValidator.php#L39 https://plugins.trac.wordpress.org/browser/file-manager/trunk/backend/app/Providers/FileEditValidator.php#L88 https://plugins.trac.wordpress.org/changeset/3138710 https://www.wordfence.com/threat-intel/vulnerabilities/id/5f29de7a-3f15-4b6d-aad7-6a08151e2113?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8374 – Arbitrary Code Injection in Cura
https://notcve.org/view.php?id=CVE-2024-8374
UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). ... When a 3MF file is loaded in Cura, the value of the drop_to_buildplate property is passed to the Python eval() function without proper sanitization, allowing an attacker to execute arbitrary code by crafting a malicious 3MF file. • https://github.com/Ultimaker/Cura/commit/285a241eb28da3188c977f85d68937c0dad79c50 • CWE-94: Improper Control of Generation of Code ('Code Injection') •