CVSS: 9.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7104 – Remote Code Execution in SFS Consulting's ww.Winsure
https://notcve.org/view.php?id=CVE-2024-7104
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.This issue affects ww.Winsure: before 4.6.2. • https://www.usom.gov.tr/bildirim/tr-24-1475 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-8880 – playSMS Template index.php code injection
https://notcve.org/view.php?id=CVE-2024-8880
The manipulation of the argument username/email/captcha leads to code injection. ... Mittels dem Manipulieren des Arguments username/email/captcha mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://vuldb.com/?ctiid.277524 https://vuldb.com/?id.277524 https://vuldb.com/?submit.406095 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-44623
https://notcve.org/view.php?id=CVE-2024-44623
An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function. • https://github.com/merbinr/CVE-2024-44623 https://github.com/TuomoKu/SPX-GC https://github.com/TuomoKu/SPX-GC/blob/v.1.3.0/routes/routes-api.js#L39 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2024-8864 – composiohq composio calculator.py Calculator code injection
https://notcve.org/view.php?id=CVE-2024-8864
The manipulation leads to code injection. ... Durch Manipulation mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://rumbling-slice-eb0.notion.site/Composio-s-Local-tools-Mathematical-has-a-code-injection-risk-in-composiohq-composio-ea0e89ee10fe4edfb9a8cfeed158c765? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8271 – FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.1 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-8271
The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode in the 'woocs_get_custom_price_html' function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/woocommerce-currency-switcher/tags/1.4.2.1/classes/woocs.php#L4604 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3150596%40woocommerce-currency-switcher&new=3150596%40woocommerce-currency-switcher&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/dec51bd6-2ffe-47b6-9423-6131395bf439?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •