CVE-2024-52047 – Trend Micro Apex One widget getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-52047
31 Dec 2024 — A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. ... An attacker can leverage th... • https://success.trendmicro.com/en-US/solution/KA-0016669 • CWE-552: Files or Directories Accessible to External Parties •
CVE-2024-13070 – CodeAstro Online Food Ordering System Update User Page update_users.php sql injection
https://notcve.org/view.php?id=CVE-2024-13070
31 Dec 2024 — The manipulation of the argument user_upd leads to SQL injection. ... By manipulating the argument user_upd with unknown data, an SQL injection vulnerability can be exploited. • https://github.com/shaturo1337/POCs/blob/main/RCE%20via%20SQL%20Injection%20in%20Online%20Food%20Ordering%20System.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-25133 – Openshift-dedicated: hive: rce through aws/kubernetes client configuration leads to privilege escalation
https://notcve.org/view.php?id=CVE-2024-25133
31 Dec 2024 — A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod. • https://bugzilla.redhat.com/show_bug.cgi?id=2260372 • CWE-284: Improper Access Control •
CVE-2024-48818 – IIT Bombay Bodhitree cs101 Code Injection
https://notcve.org/view.php?id=CVE-2024-48818
31 Dec 2024 — The cs101 version of IIT Bombay Bodhitree's website allows attackers to inject malicious code into the online code compiler, allowing for remote code execution. • https://packetstorm.news/files/id/183309 •
CVE-2024-54181 – IBM WebSphere Automation command injection
https://notcve.org/view.php?id=CVE-2024-54181
30 Dec 2024 — IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system. • https://www.ibm.com/support/pages/node/7179994 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-13047 – Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-13047
30 Dec 2024 — Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. ... An attacker can leverage this vulnerability to execute code in the context of the current proce... • https://www.zerodayinitiative.com/advisories/ZDI-24-1731 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2024-13048 – Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-13048
30 Dec 2024 — Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. ... An attacker can leverage this vulnerability to execute code in the context of the current ... • https://www.zerodayinitiative.com/advisories/ZDI-24-1732 • CWE-787: Out-of-bounds Write •
CVE-2024-13050 – Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-13050
30 Dec 2024 — Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. ... An attacker can leverage this vulnerability to execute code in the context o... • https://www.zerodayinitiative.com/advisories/ZDI-24-1734 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-13043 – Panda Security Dome Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-13043
30 Dec 2024 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-1727 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2024-12751 – Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-12751
30 Dec 2024 — Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attacker... • https://www.foxit.com/support/security-bulletins.html • CWE-125: Out-of-bounds Read •