CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-46103
https://notcve.org/view.php?id=CVE-2024-46103
SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php. • https://github.com/N0zoM1z0/MY-CVE/blob/main/CVE-2024-46103.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9006 – jeanmarc77 123solar config_invt1.php code injection
https://notcve.org/view.php?id=CVE-2024-9006
The manipulation of the argument PASSOx leads to code injection. ... Mittels dem Manipulieren des Arguments PASSOx mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/jeanmarc77/123solar/commit/f4a8c748ec436e5a79f91ccb6a6f73752b336aa5 https://github.com/jeanmarc77/123solar/issues/74 https://github.com/jeanmarc77/123solar/issues/74#issuecomment-2357653441 https://vuldb.com/?ctiid.278162 https://vuldb.com/?id.278162 https://vuldb.com/?submit.408298 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40125
https://notcve.org/view.php?id=CVE-2024-40125
An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint. • https://github.com/brendontkl/My-CVEs/tree/main/CVE-2024-40125 https://www.closed-loop.biz • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45858
https://notcve.org/view.php?id=CVE-2024-45858
An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. • https://hiddenlayer.com/sai-security-advisory/2024-09-guardrails • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-35515
https://notcve.org/view.php?id=CVE-2024-35515
Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code. • https://github.com/piskvorky/sqlitedict https://wha13.github.io/2024/06/13/mfcve • CWE-94: Improper Control of Generation of Code ('Code Injection') •