CVE-2023-6095 – Remote Code Execution without authentication using memory overflow
https://notcve.org/view.php?id=CVE-2023-6095
Vladimir Kononovich, a security researcher, has found a flaw that allows remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. • https://www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6095-6096.pdf • CWE-121: Stack-based Buffer Overflow
CVE-2024-32406
https://notcve.org/view.php?id=CVE-2024-32406
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function. • https://packetstormsecurity.com/files/178251/Relate-Learning-And-Teaching-System-SSTI-Remote-Code-Execution.html • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-31601
https://notcve.org/view.php?id=CVE-2024-31601
., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php component. • https://github.com/tianqing191/book.io • CWE-616: Incomplete Identification of Uploaded File Variables (PHP)
CVE-2023-50739 – Lexmark CX331adwe IPP Server Authorization HTTP Header Heap-Based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-50739
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. ... An attacker can leverage this vulnerability to execute code in the context of root.
CVE-2024-31828
https://notcve.org/view.php?id=CVE-2024-31828
Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the URL. • https://jinmu1108.github.io/uncategorized/CVE-2024-31828 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')