CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-7670 – Out-of-Bounds Read Vulnerability in Autodesk Desktop Software
https://notcve.org/view.php?id=CVE-2024-7670
A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45874 – VegaBird Vooki 5.2.9 DLL Hijacking
https://notcve.org/view.php?id=CVE-2024-45874
A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe. • http://vegabird.com https://sploitus.com/exploit?id=PACKETSTORM:181913 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45873 – VegaBird Yaazhini 2.0.2 DLL Hijacking
https://notcve.org/view.php?id=CVE-2024-45873
A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe. • http://vegabird.com https://sploitus.com/exploit?id=PACKETSTORM:181912 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-45200
https://notcve.org/view.php?id=CVE-2024-45200
This enables a remote attacker to obtain complete denial-of-service on the game's process, or potentially, remote code execution on the victim's console. • https://github.com/latte-soft/kartlanpwn https://hackerone.com/reports/2611669 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-46540
https://notcve.org/view.php?id=CVE-2024-46540
A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract fucntions to upload webshells to the target server, thereby obtaining system privileges. • https://gist.github.com/microvorld/1c1ef9c3390a5d88a5ede9f9424a8bd2 https://github.com/emlog/emlog https://github.com/microvorld/CVE-2024/blob/main/emlog.md • CWE-266: Incorrect Privilege Assignment •