CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-55638 – Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008
https://notcve.org/view.php?id=CVE-2024-55638
09 Dec 2024 — This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. • https://www.drupal.org/sa-core-2024-008 • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-55637 – Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007
https://notcve.org/view.php?id=CVE-2024-55637
09 Dec 2024 — This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. • https://www.drupal.org/sa-core-2024-007 • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-55636 – Drupal core - Less critical - Gadget chain - SA-CORE-2024-006
https://notcve.org/view.php?id=CVE-2024-55636
09 Dec 2024 — This so called gadget chain presents no direct threat, but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. • https://www.drupal.org/sa-core-2024-006 • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11608
https://notcve.org/view.php?id=CVE-2024-11608
09 Dec 2024 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0026 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11454 – Untrusted Search Path vulnerability in Autodesk Revit
https://notcve.org/view.php?id=CVE-2024-11454
09 Dec 2024 — A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0025 • CWE-426: Untrusted Search Path •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7298 – Out-of-Bounds Write Vulnerability in in Autodesk Desktop Software
https://notcve.org/view.php?id=CVE-2023-7298
09 Dec 2024 — A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. • https://autodesk.com/trust/security-advisories/adsk-sa-2023-0025 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2023-43962
https://notcve.org/view.php?id=CVE-2023-43962
09 Dec 2024 — Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1 allows a remote attacker to execute arbitrary code via the project name function in the project settings tab. • https://github.com/Cosemz/CVE/blob/main/xunruicms/XunRuiCms%20Stored%20XSS%20%28Authenticated%29.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54920
https://notcve.org/view.php?id=CVE-2024-54920
09 Dec 2024 — A SQL Injection vulnerability was found in the /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters. A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database... • https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20Signup%20teacher.pdf •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54922
https://notcve.org/view.php?id=CVE-2024-54922
09 Dec 2024 — A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters. • https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20edit_user.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54926
https://notcve.org/view.php?id=CVE-2024-54926
09 Dec 2024 — A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter. • https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20search_class.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •