CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42902
https://notcve.org/view.php?id=CVE-2024-42902
An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php function • https://bugs.limesurvey.org/view.php?id=19639 https://github.com/LimeSurvey/LimeSurvey/blob/6434b12ded1c4b6516200c453441d0896e11eee0/vendor/kcfinder/js_localize.php#L19 https://github.com/sysentr0py/CVEs/tree/main/CVE-2024-42902 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-39816 – Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2024-39816
in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. en OpenHarmony v4.1.0 y versiones anteriores se permite a un atacante local la ejecución de código arbitrario en aplicaciones preinstaladas a través de escritura fuera de los límites. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.md • CWE-787: Out-of-bounds Write •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-38386 – Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2024-38386
in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. en OpenHarmony v4.1.0 y versiones anteriores se permite a un atacante local la ejecución de código arbitrario en aplicaciones preinstaladas a través de escritura fuera de los límites. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.md • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45623
https://notcve.org/view.php?id=CVE-2024-45623
D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10406 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-41361
https://notcve.org/view.php?id=CVE-2024-41361
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php • https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2398 • CWE-94: Improper Control of Generation of Code ('Code Injection') •