CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-26504
https://notcve.org/view.php?id=CVE-2024-26504
An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter. • https://cwe.mitre.org/data/definitions/601.html https://portswigger.net/kb/issues/00500100_open-redirection-reflected https://tomiodarim.io/posts/cve-2024-26504 https://wifire.me/en/hotspot • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-32212
https://notcve.org/view.php?id=CVE-2024-32212
SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0.20.120 and before allows an attacker to execute arbitrary code via the ArticleGetGroups, DocAddDocument, ClassClickShop and frmSettings components. • https://gainsec.com/2024/04/28/cve-2024-32210-cve-2024-32211-cve-2024-32212-cve-2024-32213-lomag-integrator-ce-warehouse-management • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2023-23022
https://notcve.org/view.php?id=CVE-2023-23022
Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 employee's payroll management system 1.0, allows attackers to execute arbitrary code via the code, title, from_date and to_date inputs in file Main.php. • https://gist.github.com/enferas/ffc4d8e38e238709a3dedf3002cb321d •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4405 – Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-4405
Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. ... An attacker can leverage this vulnerability to execute code in the context of the current user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://www.zerodayinitiative.com/advisories/ZDI-24-418 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-4192 – Stack-based Buffer Overflow vulnerability in Delta Electronics CNCSoft-G2 DOPSoft
https://notcve.org/view.php?id=CVE-2024-4192
An attacker can leverage this vulnerability to execute code in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-121-01 • CWE-121: Stack-based Buffer Overflow •