CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30282 – Adobe Animate 2024 Out of Bound Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30282
Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/animate/apsb24-36.html • CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4947 – Google Chromium V8 Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2024-4947
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. ... (Severidad de seguridad de Chrome: alta) Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. • https://github.com/uixss/PoC-CVE-2024-4947 https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html https://issues.chromium.org/issues/340221135 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZ • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-34913
https://notcve.org/view.php?id=CVE-2024-34913
An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file. • https://github.com/Joying-C/Cross-site-scripting-vulnerability/tree/main/r-pan-scaffolding_Cross_site%20_scripting%20_vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-34909
https://notcve.org/view.php?id=CVE-2024-34909
An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file. • https://github.com/Joying-C/Cross-site-scripting-vulnerability/tree/main/KYKMS_Cross_site%20_scripting%20_vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-34906
https://notcve.org/view.php?id=CVE-2024-34906
An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file. • https://github.com/kuaifan/dootask/issues/210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-434: Unrestricted Upload of File with Dangerous Type •