
CVE-2024-36973 – misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe()
https://notcve.org/view.php?id=CVE-2024-36973
17 Jun 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/393fc2f5948fd340d016a9557eea6e1ac2f6c60c •

CVE-2024-36580
https://notcve.org/view.php?id=CVE-2024-36580
17 Jun 2024 — A Prototype Pollution issue in cdr0 sg 1.0.10 allows an attacker to execute arbitrary code. • https://gist.github.com/mestrtee/a75d75eca4622ad08f7cfa903a6cc9c3 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVE-2024-37848
https://notcve.org/view.php?id=CVE-2024-37848
17 Jun 2024 — SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 allows a local attacker to execute arbitrary code via the admin_delete.php component. • https://github.com/Lanxiy7th/lx_CVE_report-/issues/13 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-37058
https://notcve.org/view.php?id=CVE-2023-37058
17 Jun 2024 — Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted command. • https://github.com/ri5c/Jlink-Router-RCE •

CVE-2024-37840
https://notcve.org/view.php?id=CVE-2024-37840
17 Jun 2024 — SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter. • https://github.com/ganzhi-qcy/cve/issues/4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-34833 – Payroll Management System 1.0 Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-34833
17 Jun 2024 — Successful exploitation of this vulnerability results in the ability to execute arbitrary code as the user running the web server. ... Payroll Management System version 1.0 suffers from a remote code execution vulnerability. • https://github.com/ShellUnease/CVE-2024-34833-payroll-management-system-rce • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-36583
https://notcve.org/view.php?id=CVE-2024-36583
17 Jun 2024 — A Prototype Pollution issue in byondreal accessor <= 1.0.0 allows an attacker to execute arbitrary code via @byondreal/accessor/index. • https://gist.github.com/mestrtee/97bc2fbfbcbde3a54d5536c9adeee34c • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVE-2024-36574
https://notcve.org/view.php?id=CVE-2024-36574
17 Jun 2024 — A Prototype Pollution issue in flatten-json 1.0.1 allows an attacker to execute arbitrary code via module.exports.unflattenJSON (flatten-json/index.js:42). • https://gist.github.com/mestrtee/d5a0c93459599f77557b5bbe78b57325 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVE-2024-36575
https://notcve.org/view.php?id=CVE-2024-36575
17 Jun 2024 — A Prototype Pollution issue in getsetprop 1.1.0 allows an attacker to execute arbitrary code via global.accessor. • https://gist.github.com/mestrtee/0d830798f20839d634278d7af0155f9e • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-37057
https://notcve.org/view.php?id=CVE-2023-37057
17 Jun 2024 — Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication mechanism. • https://github.com/ri5c/Jlink-Router-RCE • CWE-288: Authentication Bypass Using an Alternate Path or Channel •