CVE-2024-37849
https://notcve.org/view.php?id=CVE-2024-37849
A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter. • https://github.com/ganzhi-qcy/cve/issues/3 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-23143 – Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23143
A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2024-2024 – Folders Pro <= 3.0.2 - Authenticated (Author+) Arbitrary File Upload via handle_folders_file_upload
https://notcve.org/view.php?id=CVE-2024-2024
This makes it possible for authenticated attackers, with author access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/Notselwyn/CVE-2024-1086 https://github.com/amalmurali47/git_rce https://github.com/zgzhang/cve-2024-6387-poc https://github.com/acrono/cve-2024-6387-poc https://github.com/amlweems/xzbot https://github.com/h4x0r-dz/CVE-2024-23897 https://github.com/h4x0r-dz/CVE-2024-3400 https://github.com/h4x0r-dz/CVE-2024-21762 https://github.com/h4x0r-dz/CVE-2024-21893.py https://github.com/hakaioffsec/CVE-2024-21338 https://github.com/varwara/CVE • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-33253
https://notcve.org/view.php?id=CVE-2024-33253
Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows an authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function. • https://github.com/FreySolarEye/CVE/blob/master/GUnet%20OpenEclass%20E-learning%20platform%203.15%20-%20%27certbadge.php%27%20Stored%20Cross%20Site%20Scripting • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-37022 – Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2024-37022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14 • CWE-787: Out-of-bounds Write •