CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-46965
https://notcve.org/view.php?id=CVE-2024-46965
The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the allvideo.downloader.browser.DefaultBrowserActivity component. • https://github.com/actuator/allvideo.downloader.browser/blob/main/CVE-2024-46965 https://play.google.com/store/apps/details?id=allvideo.downloader.browser • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-46966
https://notcve.org/view.php?id=CVE-2024-46966
The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component. • https://github.com/actuator/mn.ikhgur.khotoch/blob/main/CVE-2024-46966 https://play.google.com/store/apps/details?id=mn.ikhgur.khotoch • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11050 – AMTT Hotel Broadband Operation System language.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-11050
A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.283793 https://vuldb.com/?id.283793 https://vuldb.com/?submit.432690 https://wiki.shikangsi.com/post/share/ba791f6d-7f63-494f-bd73-827ed7f26e2e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10958 – WP Photo Album Plus <= 8.8.08.007 - Unauthenticated Arbitrary Shortcode Execution via getshortcodedrenderedfenodelay
https://notcve.org/view.php?id=CVE-2024-10958
The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . ... This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/wp-photo-album-plus/tags/8.8.08.004/wppa-ajax.php#L1238 https://plugins.trac.wordpress.org/changeset/3184852 https://wordpress.org/plugins/wp-photo-album-plus/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/53bb0871-343a-4299-9902-682c422152d1?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-46951
https://notcve.org/view.php?id=CVE-2024-46951
An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. • https://bugs.ghostscript.com/show_bug.cgi?id=707991 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8 https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1 • CWE-824: Access of Uninitialized Pointer •