CVSS: 7.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-44623
https://notcve.org/view.php?id=CVE-2024-44623
An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function. • https://github.com/merbinr/CVE-2024-44623 https://github.com/TuomoKu/SPX-GC https://github.com/TuomoKu/SPX-GC/blob/v.1.3.0/routes/routes-api.js#L39 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2024-8864 – composiohq composio calculator.py Calculator code injection
https://notcve.org/view.php?id=CVE-2024-8864
The manipulation leads to code injection. ... Durch Manipulation mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://rumbling-slice-eb0.notion.site/Composio-s-Local-tools-Mathematical-has-a-code-injection-risk-in-composiohq-composio-ea0e89ee10fe4edfb9a8cfeed158c765? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8271 – FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.1 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-8271
The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode in the 'woocs_get_custom_price_html' function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/woocommerce-currency-switcher/tags/1.4.2.1/classes/woocs.php#L4604 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3150596%40woocommerce-currency-switcher&new=3150596%40woocommerce-currency-switcher&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/dec51bd6-2ffe-47b6-9423-6131395bf439?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45109 – Photoshop Desktop | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2024-45109
Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/photoshop/apsb24-72.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43756 – Photoshop Desktop | Heap-based Buffer Overflow (CWE-122)
https://notcve.org/view.php?id=CVE-2024-43756
Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/photoshop/apsb24-72.html • CWE-122: Heap-based Buffer Overflow •