CVE-2024-9593 – Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Unauthenticated (Limited) Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-9593
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified. • https://github.com/RandomRobbieBF/CVE-2024-9593 https://www.wordfence.com/threat-intel/vulnerabilities/id/247e599a-74e2-41d5-a1ba-978a807e6544?source=cve https://plugins.trac.wordpress.org/browser/time-clock/tags/1.2.2/includes/admin/ajax_functions_admin.php#L58 https://plugins.trac.wordpress.org/changeset/3171046/time-clock#file40 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-10073 – flairNLP flair Mode File Loader clustering.py ClusteringModel code injection
https://notcve.org/view.php?id=CVE-2024-10073
The manipulation leads to code injection. ... Manipulation with unknown data can be used to exploit a code injection vulnerability. • https://vuldb.com/?id.280722 https://vuldb.com/?ctiid.280722 https://vuldb.com/?submit.420055 https://github.com/bayuncao/vul-cve-20 https://github.com/bayuncao/vul-cve-20/blob/main/PoC.py • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-45766
https://notcve.org/view.php?id=CVE-2024-45766
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. • https://www.dell.com/support/kbdoc/en-us/000237300/dsa-2024-426-security-update-for-dell-openmanage-enterprise-vulnerabilities • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-26785
https://notcve.org/view.php?id=CVE-2023-26785
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. • https://github.com/Ant1sec-ops/CVE-2023-26785 https://seclists.org/fulldisclosure/2012/Dec/39 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-39593
https://notcve.org/view.php?id=CVE-2023-39593
Insecure permissions in the sys_exec function of MariaDB v10.5 allow authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. • https://github.com/Ant1sec-ops/CVE-2023-39593 https://seclists.org/fulldisclosure/2012/Dec/39 • CWE-94: Improper Control of Generation of Code ('Code Injection') •