
CVSS: 9.8 • EPSS: % • CPEs: - • EXPL: 0

Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code. • https://github.com/piskvorky/sqlitedict https://wha13.github.io/2024/06/13/mfcve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8 • EPSS: % • CPEs: - • EXPL: 0

SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter. • https://github.com/alphandbelt/CVE-2024-44542/tree/main • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: - • EPSS: % • CPEs: - • EXPL: 0

Stack overflow vulnerability in the Login function in the HNAP service in D-Link DCS-960L with firmware 1.09 allows attackers to execute arbitrary code. • https://www.dlink.com/en/security-bulletin https://github.com/Xshacry/iot-vuln/blob/main/d-link/dcs-935l/readme.md •

CVSS: - • EPSS: % • CPEs: - • EXPL: 0

Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 allows a remote attacker to execute arbitrary code via the pb_adv_handle_tranaction_cont function in the src/mesh/pb_adv.c component. • https://github.com/xiaobye-ctf/My-CVE/tree/main/BTstack/CVE-2024-40568 •

CVSS: 5.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

Malicious actors could exploit this vulnerability by injecting JavaScript into the `label` parameter, leading to the execution of arbitrary code in the victim's browser. ... By crafting such a request, an attacker can inject arbitrary code that will be executed by the browser when the endpoint is accessed. If exploited, this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the affected website. ... **Content Manipulation**: Altering the appearance or behavior of the affected page to mislead users or execute further attacks. • https://github.com/wireui/wireui/commit/784c4f110e58eb41d0f2bdecd4655ea417f16e7e https://github.com/wireui/wireui/commit/a457654912055f4dcc559da04d4e319f76b80fc5 https://github.com/wireui/wireui/security/advisories/GHSA-rw5h-g8xq-6877 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •