CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-33300
https://notcve.org/view.php?id=CVE-2024-33300
Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files. • https://github.com/whoisoo6/Stored-xss-vulnerability-exists-in-Typra • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-33430
https://notcve.org/view.php?id=CVE-2024-33430
An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file. • https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/segmentFault-1/poc/I2ZFI3~5 https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/segmentFault-1/segmentFault-1.assets/image-20240420011601263.png https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/segmentFault-1/segmentFault-1.md https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/segmentFault-1 https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/segmentFault-1/poc https://github.com/stsaz/phiola https:/& • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-482: Comparing instead of Assigning •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2023-23021
https://notcve.org/view.php?id=CVE-2023-23021
Cross Site Scripting (XSS) vulnerability in sourcecodester oretnom23 pos point sale system 1.0, allows attackers to execute arbitrary code via the code, name, and description inputs in file Main.php. • https://gist.github.com/enferas/fe381bcc4a020f22cec31cb00e73f43c •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4406 – Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-4406
Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. ... An attacker can leverage this vulnerability to execute code in the context of the current user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://www.zerodayinitiative.com/advisories/ZDI-24-419 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-26322 – GetApps application has code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-26322
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://trust.mi.com/misrc/bulletins/advisory?cveId=542 • CWE-94: Improper Control of Generation of Code ('Code Injection') •