CVSS: 7.5EPSS: %CPEs: 1EXPL: 0CVE-2024-11495 – Buffer overflow in OllyDbg
https://notcve.org/view.php?id=CVE-2024-11495
Buffer overflow vulnerability in OllyDbg, version 1.10, which could allow a local attacker to execute arbitrary code due to lack of proper bounds checking. • https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-ollydbg • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: %CPEs: 1EXPL: 0CVE-2024-11456 – Run Contests, Raffles, and Giveaways with ContestsWP <= 2.0.3 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-11456
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2024-11477 – 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11477
This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •
CVSS: 6.1EPSS: %CPEs: -EXPL: 0CVE-2024-48531
https://notcve.org/view.php?id=CVE-2024-48531
A reflected cross-site scripting (XSS) vulnerability on the Rental Availability module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. • https://github.com/esoft-planner-cve/esoft_planner_cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: %CPEs: -EXPL: 0CVE-2024-48534
https://notcve.org/view.php?id=CVE-2024-48534
A reflected cross-site scripting (XSS) vulnerability on the Camp Details module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. • https://github.com/esoft-planner-cve/esoft_planner_cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •