
CVSS: 9.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Aug 2024 — An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter. • https://febin0x4e4a.wordpress.com/2024/03/07/xss-to-one-click-rce-in-koha-ils • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 28 • EXPL: 0

06 Aug 2024 — This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data. • http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Aug 2024 — Due to insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrary commands. Users who open a malicious web page in the browser while running the test locally are affected by this vulnerability, which results in remote code execution from the malicious web page. • https://github.com/nuxt/nuxt/security/advisories/GHSA-v784-fjjh-f8r4 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Aug 2024 — In certain configurations an attacker could leak the devtools authentication token and then abuse other RPC functions to achieve RCE. The `getTextAssetContent` function does not check for path traversals; this could allow an attacker to read arbitrary files over the RPC WebSocket. • https://github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/dev-auth.ts#L14 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-24: Path Traversal: '../filedir'

CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Aug 2024 — The vulnerability could cause a remote code execution attack. ... • https://portal.microfocus.com/s/article/KM000032605?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 94% • CPEs: 1 • EXPL: 9

05 Aug 2024 — Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints). This vulnerability allows remote attackers to bypass authentication on affected installations of Apache OFBiz. ... Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a G... • https://github.com/codeb0ss/CVE-2024-38856-PoC • CWE-863: Incorrect Authorization

CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Aug 2024 — An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-1080 • CWE-457: Use of Uninitialized Variable

CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Aug 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trimble SketchUp Pro. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-24-1057 • CWE-125: Out-of-bounds Read

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Aug 2024 — This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.zerodayinitiative.com/advisories/ZDI-24-1085 • CWE-122: Heap-based Buffer Overflow

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Aug 2024 — This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.zerodayinitiative.com/advisories/ZDI-24-1087 • CWE-121: Stack-based Buffer Overflow