CVE-2024-4405 – Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-4405
Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://www.zerodayinitiative.com/advisories/ZDI-24-418 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-46295
https://notcve.org/view.php?id=CVE-2023-46295
Unauthenticated remote code execution can occur in the web server. • https://gitlab.com/loudmouth-security/vulnerability-disclosures/cve-2023-46295 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-33393
https://notcve.org/view.php?id=CVE-2024-33393
An issue in spidernet-io spiderpool v0.9.3 and earlier allows a local attacker to execute arbitrary code via a crafted command used to obtain the token component. • https://gist.github.com/HouqiyuA/fdb09caea44c80a5681ca1d30bcd6777 • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVE-2024-33428
https://notcve.org/view.php?id=CVE-2024-33428
Heap-based buffer overflow at conv.c:68 in stsaz phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file. • https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-1/heap-buffer-overflow-1.assets/image-20240420005017430.png https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-1/heap-buffer-overflow-1.md https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-1/poc https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/heap-buffer-overflow-1 https://github.com/stsaz/phiola/issues/29 • CWE-122: Heap-based Buffer Overflow •
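The phiola bug class, as an added C example that is not phiola's code and is not the PoC linked above. The entry says only that a crafted .wav overflows a heap buffer at conv.c:68, so the example assumes the usual root cause for this class (a chunk size read from the RIFF header and used as a copy length without being checked against the bytes actually present) and shows a trusting chunk walk beside a checked one, run over two constructed 48-byte files: a well-formed one and one whose "data" chunk claims 0x7fffffff bytes. The file layouts, function names and the 8-byte destination buffer are all assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed 48-byte RIFF/WAVE samples (not from phiola or the linked PoC):
 * a well-formed file, and one whose "data" chunk declares 0x7fffffff bytes
 * while only 4 bytes of samples follow the header. */
#define WAV_HEAD \
    'R','I','F','F', 40,0,0,0, 'W','A','V','E', \
    'f','m','t',' ', 16,0,0,0, \
    1,0, 1,0, 0x40,0x1f,0,0, 0x80,0x3e,0,0, 2,0, 16,0, \
    'd','a','t','a'

static const uint8_t valid_wav[]   = { WAV_HEAD, 4,0,0,0,             0x00,0x01, 0xff,0x7f };
static const uint8_t crafted_wav[] = { WAV_HEAD, 0xff,0xff,0xff,0x7f, 0x00,0x01, 0xff,0x7f };

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static int is_wave(const uint8_t *buf, size_t n)
{
    return n >= 12 && memcmp(buf, "RIFF", 4) == 0 && memcmp(buf + 8, "WAVE", 4) == 0;
}

/* Naive chunk walk: returns the size the "data" chunk *claims*, which is what
 * a converter that trusts the header would hand to memcpy. Never compared
 * against n, the number of bytes actually read. Returns 0 if no data chunk. */
uint32_t wav_data_len_trusting(const uint8_t *buf, size_t n)
{
    size_t off = 12;
    if (!is_wave(buf, n)) return 0;
    while (off + 8 <= n) {
        uint32_t sz = le32(buf + off + 4);
        if (memcmp(buf + off, "data", 4) == 0) return sz;   /* unchecked */
        off += 8 + sz + (sz & 1);                            /* chunks are word-aligned */
    }
    return 0;
}

/* Checked chunk walk: every chunk body must fit inside the bytes remaining.
 * On success stores the data chunk's offset and length and returns 0;
 * returns -1 for anything malformed, including an oversized declared size. */
int wav_find_data_checked(const uint8_t *buf, size_t n, size_t *data_off, size_t *data_len)
{
    size_t off = 12;
    if (!is_wave(buf, n)) return -1;
    while (n - off >= 8) {
        uint32_t sz = le32(buf + off + 4);
        size_t body = off + 8;
        if (sz > n - body) return -1;          /* declared size exceeds bytes present */
        if (memcmp(buf + off, "data", 4) == 0) {
            *data_off = body;
            *data_len = sz;
            return 0;
        }
        off = body + sz + (sz & 1);
        if (off > n) return -1;                /* pad byte missing */
    }
    return -1;
}

/* Converter-style copy into a fixed destination, bounded by both the validated
 * chunk length and the destination capacity. Returns bytes copied, 0 if rejected. */
size_t wav_extract_pcm(const uint8_t *buf, size_t n, uint8_t *out, size_t out_cap)
{
    size_t off, len;
    if (wav_find_data_checked(buf, n, &off, &len) != 0) return 0;
    if (len > out_cap) len = out_cap;
    memcpy(out, buf + off, len);
    return len;
}

/* Demo helper: extract into an 8-byte stack buffer (a hypothetical stand-in
 * for the converter's heap output buffer) and report how much was copied. */
size_t demo_extract(const uint8_t *buf, size_t n)
{
    uint8_t out[8] = {0};
    return wav_extract_pcm(buf, n, out, sizeof out);
}

int main(void)
{
    printf("valid:   trusting=%u checked=%zu\n",
           (unsigned)wav_data_len_trusting(valid_wav, sizeof valid_wav),
           demo_extract(valid_wav, sizeof valid_wav));
    printf("crafted: trusting=%u (file is only %zu bytes) checked=%zu\n",
           (unsigned)wav_data_len_trusting(crafted_wav, sizeof crafted_wav),
           sizeof crafted_wav, demo_extract(crafted_wav, sizeof crafted_wav));
    return 0;
}
```

On the crafted file the trusting walk returns 0x7fffffff for a 48-byte input, which is the length a header-trusting memcpy would use, while the checked walk rejects the chunk before any copy happens. The same check belongs on every chunk in the walk, not just "data": an oversized "fmt " or "LIST" chunk can push the offset past the end of the buffer just as easily.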
CVE-2024-4033 – All-in-One Video Gallery <= 3.6.4 - Authenticated (Contributor+) Arbitrary File Upload via featured image
https://notcve.org/view.php?id=CVE-2024-4033
This makes it possible for authenticated attackers with contributor-level access and above to upload arbitrary files to the affected site's server, which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/trunk/includes/functions.php#L140 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3078876%40all-in-one-video-gallery%2Ftrunk&old=3072329%40all-in-one-video-gallery%2Ftrunk&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/e0f295f9-1090-4b10-abc5-3f73c5b4e28d?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •