CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39015
https://notcve.org/view.php?id=CVE-2024-39015
This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/7ab061d9eb901cc89652e7666ca3ef52 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-38992
https://notcve.org/view.php?id=CVE-2024-38992
This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/10c88b9069229979ac7e52e0efc98055 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-39251
https://notcve.org/view.php?id=CVE-2024-39251
An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0.10 allows attackers to access sensitive information, execute arbitrary code, or escalate privileges via sending crafted IOCTL requests. • https://github.com/Souhardya/Exploit-PoCs/tree/main/ThundeRobot_Control_center • CWE-782: Exposed IOCTL with Insufficient Access Control •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39840
https://notcve.org/view.php?id=CVE-2024-39840
Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects. • https://memorycorruption.net/posts/rce-lua-factorio https://news.ycombinator.com/item? • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39348
https://notcve.org/view.php?id=CVE-2024-39348
Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_16 • CWE-494: Download of Code Without Integrity Check •