CVE-2024-37849
https://notcve.org/view.php?id=CVE-2024-37849
A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter. • https://github.com/ganzhi-qcy/cve/issues/3 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-23143 – Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23143
A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2024-2024 – Folders Pro <= 3.0.2 - Authenticated (Author+) Arbitrary File Upload via handle_folders_file_upload
https://notcve.org/view.php?id=CVE-2024-2024
This makes it possible for authenticated attackers, with author access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/Notselwyn/CVE-2024-1086 https://github.com/amalmurali47/git_rce https://github.com/zgzhang/cve-2024-6387-poc https://github.com/acrono/cve-2024-6387-poc https://github.com/amlweems/xzbot https://github.com/h4x0r-dz/CVE-2024-23897 https://github.com/h4x0r-dz/CVE-2024-3400 https://github.com/h4x0r-dz/CVE-2024-21762 https://github.com/h4x0r-dz/CVE-2024-21893.py https://github.com/hakaioffsec/CVE-2024-21338 https://github.com/varwara/CVE • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-33253
https://notcve.org/view.php?id=CVE-2024-33253
Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows an authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function. • https://github.com/FreySolarEye/CVE/blob/master/GUnet%20OpenEclass%20E-learning%20platform%203.15%20-%20%27certbadge.php%27%20Stored%20Cross%20Site%20Scripting • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-37022 – Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2024-37022
Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-14 • CWE-787: Out-of-bounds Write •