CVE-2024-11971 – Guizhou Xiaoma Technology jpress Avatar upload cross site scripting
https://notcve.org/view.php?id=CVE-2024-11971
A vulnerability classified as problematic was found in Guizhou Xiaoma Technology jpress 5.1.2. Affected by this vulnerability is an unknown functionality of the file /commons/attachment/upload of the component Avatar Handler. The manipulation of the argument files leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References:
  https://github.com/dycccccccc/jpress/blob/main/JPRESS%20file%20upload%20leads%20to%20code%20execution.docx
  https://vuldb.com/?ctiid.286381
  https://vuldb.com/?id.286381
  https://vuldb.com/?submit.453637
Weaknesses:
  CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-52338 – Apache Arrow R package: Arbitrary code execution when loading a malicious data file
https://notcve.org/view.php?id=CVE-2024-52338
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution.
References:
  https://github.com/apache/arrow/commit/801de2fbcf5bcbce0c019ed4b35ff3fc863b141b
  https://lists.apache.org/thread/0rcbvj1gdp15lvm23zm601tjpq0k25vt
Weaknesses:
  CWE-502: Deserialization of Untrusted Data
CVE-2024-52959 – iota C.ai Conversational Platform - Improper Control of Generation of Code ('Code Injection')
https://notcve.org/view.php?id=CVE-2024-52959
An Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file.
References:
  https://zuso.ai/advisory/za-2024-12
Weaknesses:
  CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-11820 – code-projects Crud Operation System add.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11820
A vulnerability, which was classified as problematic, has been found in code-projects Crud Operation System 1.0. This issue affects some unknown processing of the file /add.php. The manipulation of the argument saddress leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References:
  https://code-projects.org
  https://github.com/xiaobai19198/cve/blob/main/xss.md
  https://vuldb.com/?ctiid.286193
  https://vuldb.com/?id.286193
  https://vuldb.com/?submit.451525
Weaknesses:
  CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-53604
https://notcve.org/view.php?id=CVE-2024-53604
A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter.
References:
  https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/COVID19/SQL%20Injection%20vulnerability%20mo.pdf
Weaknesses:
  CWE-94: Improper Control of Generation of Code ('Code Injection')