CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-23937 – Silicon Labs Gecko OS Debug Interface Format String
https://notcve.org/view.php?id=CVE-2024-23937
21 Jun 2024 — An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. • https://community.silabs.com/a45Vm0000000Atp •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23962 – Alpine Halo9 Missing Authentication
https://notcve.org/view.php?id=CVE-2024-23962
21 Jun 2024 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. An attacker can leverage this in conjunction with other vulnerabilities to execute... • https://www.zerodayinitiative.com/advisories/ZDI-24-847 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23963 – Alpine Halo9 Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-23963
21 Jun 2024 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. ... An attacker can leverage this vulnerability to execute code in the context of root. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-24-850 •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-37899 – Disabling a user account changes its author, allowing RCE from user account in XWiki
https://notcve.org/view.php?id=CVE-2024-37899
20 Jun 2024 — This allows a user to place malicious code in the user profile before getting an admin to disable the user account. ... This allows a user to place malicious code in the user profile before getting an admin to disable the user account. • https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5503 – WP Blog Post Layouts <= 1.1.3 - Authenticated (Contributor+) Local File Inlcusion
https://notcve.org/view.php?id=CVE-2024-5503
20 Jun 2024 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://plugins.trac.wordpress.org/browser/wp-blog-post-layouts/trunk/includes/gutenberg.php#L883 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-38619 – usb-storage: alauda: Check whether the media is initialized
https://notcve.org/view.php?id=CVE-2024-38619
20 Jun 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/e80b0fade09ef1ee67b0898d480d4c588f124d5f • CWE-457: Use of Uninitialized Variable •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37626
https://notcve.org/view.php?id=CVE-2024-37626
20 Jun 2024 — A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function. • http://a6000r.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31586
https://notcve.org/view.php?id=CVE-2024-31586
20 Jun 2024 — This vulnerability allows a remote attacker to execute arbitrary code via the Borrower Name, Department, and Remarks parameters. • https://github.com/CyberSentryX/CVE_Hunting/tree/main/CVE-2024-31586 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33335
https://notcve.org/view.php?id=CVE-2024-33335
20 Jun 2024 — SQL Injection vulnerability in H3C technology company SeaSQL DWS V2.0 allows a remote attacker to execute arbitrary code via a crafted file. • https://gist.github.com/vrhappy/08cb4c8721eed8a74fe786ecdff1ec1e • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37091 – WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-37091
20 Jun 2024 — The Consulting Elementor Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/consulting-elementor-widgets/wordpress-consulting-elementor-widgets-plugin-1-3-0-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •