CVE-2024-33103
https://notcve.org/view.php?id=CVE-2024-33103
An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. • https://github.com/dokuwiki/dokuwiki/issues/4267 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-0840 – Grandstream UCM Series IP PBX HTTP Parameter Injection
https://notcve.org/view.php?id=CVE-2024-0840
A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. • https://vulncheck.com/advisories/grand-stream-param-injection • CWE-141: Improper Neutralization of Parameter/Argument Delimiters
CVE-2024-31823
https://notcve.org/view.php?id=CVE-2024-31823
An issue in Ecommerce-CodeIgniter-Bootstrap at commit d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the removeSecondaryImage method of the Publish.php component. • https://gist.github.com/LioTree/4989e0f20b6a885604dd3178fa4b66b5 https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/d22b54e8915f167a135046ceb857caaf8479c4da https://liotree.github.io/2023/Ecommerce-CodeIgniter-Bootstrap.html • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-33445
https://notcve.org/view.php?id=CVE-2024-33445
An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component. • https://gist.github.com/LioTree/04a4ece38df53af4027d52b2aeb7aff6 https://github.com/hisiphp/hisiphp/issues/11 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-23995
https://notcve.org/view.php?id=CVE-2024-23995
Cross-Site Scripting (XSS) in Beekeeper Studio 4.1.13 and earlier allows remote attackers to execute arbitrary code via the column name of a database table in tabulator-popup-container. • https://github.com/EQSTLab/CVE-2024-23995 https://github.com/EQSTLab/PoC/blob/main/2024/RCE/CVE-2024-23995/README.md https://www.beekeeperstudio.io • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')