CVSS: 7.4EPSS: 0%CPEs: 10EXPL: 0CVE-2023-5396
https://notcve.org/view.php?id=CVE-2023-5396
Server receiving a malformed message creates connection for a hostname that may cause a stack overflow resulting in possible remote code execution. • https://process.honeywell.com • CWE-805: Buffer Access with Incorrect Length Value •
CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 0CVE-2023-5395
https://notcve.org/view.php?id=CVE-2023-5395
Server receiving a malformed message that uses the hostname in an internal table may cause a stack overflow resulting in possible remote code execution. • https://process.honeywell.com • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3810 – Salient Shortcodes <= 1.5.3 - Authenticated (Contributor+) Local File Inclusion via Shortcode
https://notcve.org/view.php?id=CVE-2024-3810
This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. • https://themeforest.net/item/salient-responsive-multipurpose-theme/4363266 https://www.wordfence.com/threat-intel/vulnerabilities/id/d1b3d4d5-9d2b-4924-a830-27c07fa1ba98?source=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-30988
https://notcve.org/view.php?id=CVE-2024-30988
Cross Site Scripting vulnerability in /search-invoices.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the Search bar. • https://medium.com/%40shanunirwan/cve-2024-30988-cross-site-scripting-vulnerability-in-client-management-system-using-php-mysql-1-1-e7a677936c23 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-30986
https://notcve.org/view.php?id=CVE-2024-30986
Cross Site Scripting vulnerability in /edit-services-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and via "price" and "sname" parameter. • https://medium.com/%40shanunirwan/cve-2024-30986-multiple-stored-cross-site-scripting-vulnerabilities-in-client-management-system-3fb702d9d510 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •