CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2023-51254
https://notcve.org/view.php?id=CVE-2023-51254
Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component. • https://github.com/yukino-hiki/CVE/blob/main/4/There%20is%20a%20stored%20xss%20at%20the%20friendship%20link.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-33449
https://notcve.org/view.php?id=CVE-2024-33449
An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information and execute arbitrary code via a POST request in the url parameter Un problema SSRF en el servicio PDFMyURL permite a un atacante remoto obtener información confidencial y ejecutar código arbitrario mediante una solicitud POST en el parámetro URL • https://grumpz.net/uncovering-an-ssrf-vulnerability-in-pdfmyurl-affecting-numerous-users https://pdfmyurl.com • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-31821
https://notcve.org/view.php?id=CVE-2024-31821
SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Orders_model.php component. • https://gist.github.com/LioTree/5c963a37e2c335c22e74ca3d9aea32bb https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/d22b54e8915f167a135046ceb857caaf8479c4da https://liotree.github.io/2023/Ecommerce-CodeIgniter-Bootstrap.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31822
https://notcve.org/view.php?id=CVE-2024-31822
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php component. • https://gist.github.com/LioTree/f83e25b2c5e144c0b3ad8919e6483c7a https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/d22b54e8915f167a135046ceb857caaf8479c4da https://liotree.github.io/2023/Ecommerce-CodeIgniter-Bootstrap.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-33435
https://notcve.org/view.php?id=CVE-2024-33435
Ncast Yingshi high-definition intelligent recording and playback system 2007-2017 allows a remote attacker to execute arbitrary code via the /manage/IPSetup.php backend function Vulnerabilidad de permisos inseguros en Guangzhou Yingshi Electronic Technology Co. • https://github.com/vulreport3r/cve-reports/blob/main/Ncast_Yingshi_has_RCE_vulnerabilities/report.md • CWE-732: Incorrect Permission Assignment for Critical Resource •