CVSS: 4.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-32392
https://notcve.org/view.php?id=CVE-2024-32392
Cross Site Scripting vulnerability in CmSimple v.5.15 allows a remote attacker to execute arbitrary code via the functions.php component. • https://github.com/Hebing123/cve/issues/33 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-51791
https://notcve.org/view.php?id=CVE-2023-51791
Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxl_parser.c in gen_alias_map. • https://ffmpeg.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY https://trac.ffmpeg.org/ticket/10738 • CWE-121: Stack-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.7EPSS: 0%CPEs: 22EXPL: 0CVE-2024-1491 – Electrolink FM/DAB/TV Transmitter Missing Authentication for Critical Function
https://notcve.org/view.php?id=CVE-2024-1491
This file system serves as the basis for the HTTP2 web server module, but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-32462 – Flatpak vulnerable to a sandbox escape via RequestBackground portal due to bad argument parsing
https://notcve.org/view.php?id=CVE-2024-32462
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. • http://www.openwall.com/lists/oss-security/2024/04/18/5 https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97 https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931 https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/messa • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3813 – tagDiv Composer <= 4.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode
https://notcve.org/view.php?id=CVE-2024-3813
This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. • https://tagdiv.com/tagdiv-composer-page-builder-basics https://www.wordfence.com/threat-intel/vulnerabilities/id/87b7bc4a-4d2f-4bcb-a9d5-72e31c95c09e?source=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •