CVE-2024-50611
https://notcve.org/view.php?id=CVE-2024-50611
CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation, rather than an implementation mistake. • https://github.com/CycloneDX/cdxgen/issues/1328 https://github.com/CycloneDX/cdxgen/releases https://owasp.org/www-project-dep-scan • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-9772 – Uix Shortcodes – Compatible with Gutenberg <= 1.9.9 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-9772
The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/uix-shortcodes/trunk/shortcodes/templates/default/frontpage-init.php#L9 https://wordpress.org/plugins/uix-shortcodes/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/3000758d-68e0-46a6-aef0-e2407a828168?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-47158
https://notcve.org/view.php?id=CVE-2024-47158
N-LINE 2.0.6 and prior versions contain a code injection vulnerability. • https://jvn.jp/en/jp/JVN57285747 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-37845
https://notcve.org/view.php?id=CVE-2024-37845
MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature. • https://github.com/herombey/Disclosures/blob/main/CVE-2024-37845%20RCE.pdf https://github.com/herombey/Disclosures/tree/main • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-37846
https://notcve.org/view.php?id=CVE-2024-37846
MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page. • https://github.com/herombey/Disclosures/blob/main/CVE-2024-37846-CSTI.pdf https://github.com/herombey/Disclosures/tree/main • CWE-94: Improper Control of Generation of Code ('Code Injection') •