CVE-2024-8374 – Arbitrary Code Injection in Cura
https://notcve.org/view.php?id=CVE-2024-8374
03 Sep 2024 — UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). ... When a 3MF file is loaded in Cura, the value of the drop_to_buildplate property is passed to the Python eval() function without proper sanitization, allowing an attacker to execute arbitrary code by crafting a malicious 3MF file. • https://github.com/Ultimaker/Cura/commit/285a241eb28da3188c977f85d68937c0dad79c50 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-44809
https://notcve.org/view.php?id=CVE-2024-44809
03 Sep 2024 — A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. • https://jacobmasse.medium.com/cve-2024-44809-remote-code-execution-in-raspberry-pi-camera-project-4b8e3486a628 • CWE-20: Improper Input Validation
CVE-2024-38456 – Vivavis HIGH-LEIT 4 / 5 Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-38456
03 Sep 2024 — A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. Vivavis HIGH-LEIT versions 4 and 5 allow attackers to execute arbitrary code as local system on systems where the "HL-InstallService-hlxw" or "HL-InstallService-hlnt" Windows service is running. • https://www.vivavis.com/en/vivavis-high-leit-rce-vulnerability-cve-2024-38456 • CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2024-42902
https://notcve.org/view.php?id=CVE-2024-42902
03 Sep 2024 — An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code by injecting a crafted payload into the lng parameter of the js_localize.php function. • https://bugs.limesurvey.org/view.php?id=19639 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-42901
https://notcve.org/view.php?id=CVE-2024-42901
03 Sep 2024 — A CSV injection vulnerability in LimeSurvey v6.5.12 allows attackers to execute arbitrary code by uploading a crafted CSV file. • https://github.com/LimeSurvey/LimeSurvey/pull/3884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43776 – Huachu Easytest Online Learning Test Platform - SQL Injection
https://notcve.org/view.php?id=CVE-2024-43776
02 Sep 2024 — SQL injection in the mock exam function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the qlevel parameter. • https://zuso.ai/advisory/za-2024-09 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-43775 – Huachu Easytest Online Learning Test Platform - SQL Injection
https://notcve.org/view.php?id=CVE-2024-43775
02 Sep 2024 — SQL injection in the search course titles function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter. • https://zuso.ai/advisory/za-2024-08 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-43774 – Huachu Easytest Online Learning Test Platform - SQL Injection
https://notcve.org/view.php?id=CVE-2024-43774
02 Sep 2024 — SQL injection in the download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the uid parameter. • https://zuso.ai/advisory/za-2024-07 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-43773 – Huachu Easytest Online Learning Test Platform - SQL Injection
https://notcve.org/view.php?id=CVE-2024-43773
02 Sep 2024 — SQL injection in the download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the cstr parameter. • https://zuso.ai/advisory/za-2024-06 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-43772 – Huachu Easytest Online Learning Test Platform - SQL Injection
https://notcve.org/view.php?id=CVE-2024-43772
02 Sep 2024 — SQL injection in the download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter. • https://zuso.ai/advisory/za-2024-05 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')