CVE-2024-38992
https://notcve.org/view.php?id=CVE-2024-38992
This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties. • https://gist.github.com/mestrtee/10c88b9069229979ac7e52e0efc98055 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2024-37454 – WordPress AWSM Team – Team Showcase Plugin plugin <= 1.3.1 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-37454
This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/awsm-team/wordpress-awsm-team-team-showcase-plugin-plugin-1-3-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-39251
https://notcve.org/view.php?id=CVE-2024-39251
An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0.10 allows attackers to access sensitive information, execute arbitrary code, or escalate privileges by sending crafted IOCTL requests. • https://github.com/Souhardya/Exploit-PoCs/tree/main/ThundeRobot_Control_center • CWE-782: Exposed IOCTL with Insufficient Access Control
CVE-2024-39840
https://notcve.org/view.php?id=CVE-2024-39840
Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects. • https://memorycorruption.net/posts/rce-lua-factorio • https://news.ycombinator.com/item? • CWE-787: Out-of-bounds Write
CVE-2024-39348
https://notcve.org/view.php?id=CVE-2024-39348
Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_16 • CWE-494: Download of Code Without Integrity Check