CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42835
https://notcve.org/view.php?id=CVE-2024-42835
langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component. • https://github.com/langflow-ai/langflow/issues/2908 •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-48200
https://notcve.org/view.php?id=CVE-2024-48200
An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary code via the remove function of the MobaXterm MSI is spawning one Administrative cmd (conhost.exe) • https://gist.github.com/ahmedsherif/ad56cd3a9ef86cdc05175fb591804c64 https://mobaxterm.mobatek.net/download-home-edition.html •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6480 – SIP Reviews Shortcode for WooCommerce <= 1.2.3 - Authenticated (Contributor+) Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-6480
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/browser/sip-reviews-shortcode-woocommerce/trunk/public/partials/plugin-reviews-shortcode-display.php https://plugins.trac.wordpress.org/browser/sip-reviews-shortcode-woocommerce/trunk/public/partials/plugin-reviews-shortcode-display.php#L424 https://www.wordfence.com/threat-intel/vulnerabilities/id/43aa28ec-6553-4527-a1d1-eb4a58533c5d?source=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: -EXPL: 1CVE-2024-51430
https://notcve.org/view.php?id=CVE-2024-51430
Cross Site Scripting vulnerability in online diagnostic lab management system using php v.1.0 allows a remote attacker to execute arbitrary code via the Test Name parameter on the diagnostic/add-test.php component. • https://github.com/BLACK-SCORP10/CVE-2024-51430 https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-48359
https://notcve.org/view.php?id=CVE-2024-48359
Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter. • https://github.com/OpenXP-Research/CVE-2024-48359 • CWE-94: Improper Control of Generation of Code ('Code Injection') •