CVE-2024-33442
https://notcve.org/view.php?id=CVE-2024-33442
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component. • https://github.com/summerwayace/cms/blob/main/1.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-33429
https://notcve.org/view.php?id=CVE-2024-33429
Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file. • https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/heap-buffer-overflow-2.assets/image-20240420011116818.png https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/heap-buffer-overflow-2.md https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/heap-buffer-overflow-2/poc https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/heap-buffer-overflow-2 https://github.com/stsaz/phiola https://github.com/stsaz/phiola/issues/30 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-26504
https://notcve.org/view.php?id=CVE-2024-26504
An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter. • https://cwe.mitre.org/data/definitions/601.html https://portswigger.net/kb/issues/00500100_open-redirection-reflected https://tomiodarim.io/posts/cve-2024-26504 https://wifire.me/en/hotspot • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2024-32212
https://notcve.org/view.php?id=CVE-2024-32212
SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0.20.120 and before allows an attacker to execute arbitrary code via the ArticleGetGroups, DocAddDocument, ClassClickShop and frmSettings components. • https://gainsec.com/2024/04/28/cve-2024-32210-cve-2024-32211-cve-2024-32212-cve-2024-32213-lomag-integrator-ce-warehouse-management • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-23022
https://notcve.org/view.php?id=CVE-2023-23022
Cross-site scripting (XSS) vulnerability in sourcecodester oretnom23 employee's payroll management system 1.0 allows attackers to execute arbitrary code via the code, title, from_date and to_date inputs in file Main.php. • https://gist.github.com/enferas/ffc4d8e38e238709a3dedf3002cb321d •