CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-52945
https://notcve.org/view.php?id=CVE-2024-52945
If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context. • https://www.veritas.com/content/support/en_US/security/VTS24-012 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50849
https://notcve.org/view.php?id=CVE-2024-50849
Cross-Site Scripting (XSS) in the "Rules" functionality in WordServer 11.8.2 allows a remote authenticated attacker to execute arbitrary code. A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code. • https://github.com/Wh1teSnak3/CVE-2024-50849 https://www.trados.com/product/worldserver • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-33231
https://notcve.org/view.php?id=CVE-2024-33231
Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component. • https://github.com/fdzdev/CVE-2024-33231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50804
https://notcve.org/view.php?id=CVE-2024-50804
Insecure Permissions vulnerability in Micro-star International MSI Center Pro 2.1.37.0 allows a local attacker to execute arbitrary code via the Device_DeviceID.dat.bak file within the C:\ProgramData\MSI\One Dragon Center\Data folder • https://g3tsyst3m.github.io/cve/msi/Arbitrary-Write-Privilege-Escalation-CVE-2024-50804 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-44757
https://notcve.org/view.php?id=CVE-2024-44757
An arbitrary file download vulnerability in the component /Basics/DownloadInpFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request. • https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-44757.md https://github.com/WarmBrew/web_vul/blob/main/M9ERP/M9ERP-filedown-Basics.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •