CVE-2024-41577
https://notcve.org/view.php?id=CVE-2024-41577
An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. • https://github.com/SENVIEL/learun-upload_file/issues/1 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-38989
https://notcve.org/view.php?id=CVE-2024-38989
This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/5e9830fb180a34d65f04fafb52d2b94b https://github.com/izatop/bunt/commit/c55201a8cee03e5282f99874dead988c80d31db7 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2024-40478
https://notcve.org/view.php?id=CVE-2024-40478
A Stored Cross-Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via the "rname" and "email" parameter fields. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Online%20Exam%20System%20v1.0/Stored%20XSS.pdf https://www.kashipara.com/project/php/3/online-exam-php-project-source-code-download
CVE-2023-50809
https://notcve.org/view.php?id=CVE-2023-50809
This can result in remote code execution within the kernel. • https://www.sonos.com/en-us/security-advisory-2024-0001
CVE-2024-38219 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-38219
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38219 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')