CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50069 – pinctrl: apple: check devm_kasprintf() returned value
https://notcve.org/view.php?id=CVE-2024-50069
29 Oct 2024 — Found by code review. ... Found by code review. ... An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/a0f160ffcb83de6a04fa75f9e7bdfe969f2863f7 •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50068 – mm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets()
https://notcve.org/view.php?id=CVE-2024-50068
29 Oct 2024 — An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/b8ee5575f763c239902f8523d82103a45c153b29 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51181
https://notcve.org/view.php?id=CVE-2024-51181
29 Oct 2024 — A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/admin/profile.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via " searchifsccode" parameter. • https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/IFSC%20Code%20Finder/IFSC%20Code%20Finder%20Admin.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-51568 – CyberPanel 2.3.x Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-51568
29 Oct 2024 — There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters. • https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48206
https://notcve.org/view.php?id=CVE-2024-48206
29 Oct 2024 — A Deserialization of Untrusted Data vulnerability in chainer v7.8.1.post1 leads to execution of arbitrary code. • https://gist.github.com/hexian2001/51c6257351098e5b086a12ad247cc6ca • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-48063
https://notcve.org/view.php?id=CVE-2024-48063
29 Oct 2024 — In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. En PyTorch <=2.4.1, RemoteModule tiene RCE de deserialización. In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing. • https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48138
https://notcve.org/view.php?id=CVE-2024-48138
29 Oct 2024 — A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.php of PluXml v5.8.16 and lower allows attackers to execute arbitrary code via injecting a crafted payload into a template. Una vulnerabilidad de ejecución remota de código (RCE) en el componente /PluXml/core/admin/parametres_edittpl.php de PluXml v5.8.16 y anteriores permite a los atacantes ejecutar código arbitrario mediante ... • https://github.com/pluxml/PluXml/issues/829 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48461
https://notcve.org/view.php?id=CVE-2024-48461
29 Oct 2024 — Cross Site Scripting vulnerability in TeslaLogger Admin Panel before v.1.59.6 allows a remote attacker to execute arbitrary code via the New Journey field. • https://github.com/bassmaster187/TeslaLogger/blob/65f5ff43c7cacf0391ddc21b90f77a2e8c8d860e/TeslaLogger/bin/changelog.md?plain=1#L4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8512 – W3SPEEDSTER <= 7.26 - Authenticated (Administrator+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-8512
29 Oct 2024 — The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. ... This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server. • https://plugins.trac.wordpress.org/browser/w3speedster-wp/trunk/w3speedster.php#L740 • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51075
https://notcve.org/view.php?id=CVE-2024-51075
29 Oct 2024 — A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/user-search.php in PHPGurukul Online DJ Booking Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata parameter. • https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Online%20DJ%20Booking/DJ%20online%20Cross%20Site%20Scripting%20%20u.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •