CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-43425 – Moodle: remote code execution via calculated question types
https://notcve.org/view.php?id=CVE-2024-43425
Additional restrictions are required to avoid a remote code execution risk in calculated question types. • https://bugzilla.redhat.com/show_bug.cgi?id=2304253 https://moodle.org/mod/forum/discuss.php?d=461193 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-10526 – Rapid7 Velociraptor Local Privilege Escalation In Windows Velociraptor Service
https://notcve.org/view.php?id=CVE-2024-10526
By modifying Velociraptor's files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely. • https://docs.velociraptor.app/announcements/2024-cves • CWE-552: Files or Directories Accessible to External Parties CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-48954
https://notcve.org/view.php?id=CVE-2024-48954
Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution. • https://docs.logpoint.com/docs/whats-new-in-logpoint/en/latest https://servicedesk.logpoint.com/hc/en-us/articles/21968851138461-Remote-Code-Execution-RCE-in-EventHub-Collector https://servicedesk.logpoint.com/hc/en-us/sections/7201103730845-Product-Security • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-46960
https://notcve.org/view.php?id=CVE-2024-46960
The ASD com.rocks.video.downloader (aka HD Video Downloader All Format) application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component. • https://github.com/actuator/com.rocks.video.downloader/blob/main/CVE-2024-46960 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-46961
https://notcve.org/view.php?id=CVE-2024-46961
The Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application through 1.3.5 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivity component. • https://github.com/actuator/com.downloader.privatebrowser/blob/main/CVE-2024-46961 • CWE-94: Improper Control of Generation of Code ('Code Injection') •