CVE-2024-45507 – Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE
https://notcve.org/view.php?id=CVE-2024-45507
04 Sep 2024 — Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. • https://github.com/Avento/CVE-2024-45507_Behinder_Webshell • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-34660
https://notcve.org/view.php?id=CVE-2024-34660
04 Sep 2024 — Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09 •
CVE-2024-34657
https://notcve.org/view.php?id=CVE-2024-34657
04 Sep 2024 — Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09 •
CVE-2024-34656
https://notcve.org/view.php?id=CVE-2024-34656
04 Sep 2024 — Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09 •
CVE-2024-44808
https://notcve.org/view.php?id=CVE-2024-44808
04 Sep 2024 — An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter. • https://jacobmasse.medium.com/cve-2024-44808-remote-command-execution-in-vypor-ddos-attack-api-1ed073725595 • CWE-20: Improper Input Validation •
CVE-2024-7627 – Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition
https://notcve.org/view.php?id=CVE-2024-7627
04 Sep 2024 — The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. ... This makes it possible for unauthenticated attackers to execute code on the server if an administrator has allowed Guest User read permissions. • https://github.com/siunam321/CVE-2024-7627-PoC • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-7970 – Debian Security Advisory 5766-1
https://notcve.org/view.php?id=CVE-2024-7970
03 Sep 2024 — Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVE-2024-8362 – Debian Security Advisory 5766-1
https://notcve.org/view.php?id=CVE-2024-8362
03 Sep 2024 — Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVE-2024-8386 – mozilla: SelectElements could be shown over another site if popups are allowed
https://notcve.org/view.php?id=CVE-2024-8386
03 Sep 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1907032 • CWE-290: Authentication Bypass by Spoofing • CWE-358: Improperly Implemented Security Check for Standard •
CVE-2024-8385 – mozilla: WASM type confusion involving ArrayTypes
https://notcve.org/view.php?id=CVE-2024-8385
03 Sep 2024 — If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. ... An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. An attacker could pote... • https://bugzilla.mozilla.org/show_bug.cgi?id=1911909 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •