
CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

24 Jun 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/eb2d64bfcc174919a921295a5327b99a3b8f4166 • CWE-667: Improper Locking •

CVSS: 4.6 • EPSS: 0% • CPEs: 3 • EXPL: 0

24 Jun 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/3b8cc6298724021da845f2f9fd7dd4b6829a6817 • CWE-665: Improper Initialization •

CVSS: 8.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

24 Jun 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/3b8cc6298724021da845f2f9fd7dd4b6829a6817 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') • CWE-400: Uncontrolled Resource Consumption •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jun 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM Software Business Process Management (BPM) allows Remote Code Inclusion. This issue affects Business Process Management (BPM): from 6.6.4.4 before 6.6.4.5. • https://www.usom.gov.tr/bildirim/tr-24-0739 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jun 2024 — A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files. • https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-434: Unrestricted Upload of File with Dangerous Type • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jun 2024 — A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files. • https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-434: Unrestricted Upload of File with Dangerous Type • CWE-502: Deserialization of Untrusted Data •

CVSS: 6.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

24 Jun 2024 — A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. ... This issue could lead to a serious security breach as demonstrated by the ability to execute the 'whoami' command among potentially other harmful commands. • https://github.com/Abo5/CVE-2024-31210 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Jun 2024 — FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. • https://github.com/dabaizhizhu/123/issues/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Jun 2024 — Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file. • https://gitee.com/Aa272899/CHG-sec/issues/I9UO7X • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jun 2024 — Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for the cookie field. • https://gist.github.com/viktoredstrom/cd2580fb0e93e47133b2998553b0a52f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •