CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49522 – Substance3D - Painter | Out-of-bounds Write (CWE-787)
https://notcve.org/view.php?id=CVE-2024-49522
Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/substance3d_painter/apsb24-52.html • CWE-787: Out-of-bounds Write •
CVSS: 8.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-7059
https://notcve.org/view.php?id=CVE-2024-7059
A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line. • https://resources.genetec.com/security-advisories/high-severity-vulnerability-affecting-security-center-web-sdk-role https://ressources.genetec.com/bulletins-de-securite/vulnerabilite-de-haute-severite-affectant-le-role-sdk-web-de-security-center • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-51132 – org.hl7.fhir.convertors: org.hl7.fhir.dstu2: org.hl7.fhir.dstu2016may: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r5: org.hl7.fhir.utilities: org.hl7.fhir.validation: org.hl7.fhir.core: FHIR arbitrary code execution via specially-crafted request
https://notcve.org/view.php?id=CVE-2024-51132
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities. Una vulnerabilidad de entidad externa XML (XXE) en HAPI FHIR anterior a v6.4.0 permite a los atacantes acceder a información confidencial o ejecutar código arbitrario mediante el suministro de una solicitud manipulada que contiene entidades XML maliciosas. A flaw was found in Fast Healthcare Interoperability Resources (HAPI FHIR). This vulnerability could allow attackers to execute arbitrary code or access sensitive information via a crafted request which contains malicious XML entities. • https://github.com/JAckLosingHeart/CVE-2024-51132-POC https://github.com/hapifhir/org.hl7.fhir.core https://access.redhat.com/security/cve/CVE-2024-51132 https://bugzilla.redhat.com/show_bug.cgi?id=2323897 https://docs.redhat.com/en/documentation/red_hat_build_of_apache_camel_k/1.10.8/html/release_notes_for_red_hat_build_of_apache_camel_k/camel-k-relnotes_camelk#supported_camel_quarkus_connector_extensions • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10035 – Code Injection in BG-TEK's CoslatV3
https://notcve.org/view.php?id=CVE-2024-10035
Improper Control of Generation of Code ('Code Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection.This issue affects CoslatV3: through 3.1069. NOTE: The vendor was contacted and it was learned that the product is not supported. • https://www.usom.gov.tr/bildirim/tr-24-1814 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10761 – Umbraco CMS Dashboard frame cross site scripting
https://notcve.org/view.php?id=CVE-2024-10761
A vulnerability was found in Umbraco CMS 12.3.6. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. • https://vuldb.com/?ctiid.282930 https://vuldb.com/?id.282930 https://vuldb.com/?submit.427091 https://drive.google.com/file/d/1YoZgdlS3QT7Xu005j9RO-FFUT8RbB0Da/view?usp=sharing • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-707: Improper Neutralization •