CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4406 – Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-4406
Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. ... An attacker can leverage this vulnerability to execute code in the context of the current user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://www.zerodayinitiative.com/advisories/ZDI-24-419 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-26322 – GetApps application has code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-26322
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://trust.mi.com/misrc/bulletins/advisory?cveId=542 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-33078
https://notcve.org/view.php?id=CVE-2024-33078
A user can send a crafted image to trigger a overflow leading to remote code execution. • https://github.com/HBLocker/CVE-2024-33078 • CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-33442
https://notcve.org/view.php?id=CVE-2024-33442
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component. • https://github.com/summerwayace/cms/blob/main/1.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-33429
https://notcve.org/view.php?id=CVE-2024-33429
Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file. • https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/heap-buffer-overflow-2.assets/image-20240420011116818.png https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/heap-buffer-overflow-2.md https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/poc https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/heap-buffer-overflow-2 https://github.com/stsaz/phiola https://github.com/stsaz/phiola/issues/30 • CWE-122: Heap-based Buffer Overflow •