
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability was found in code-projects Hostel Management Site 1.0. ... This vulnerability affects unknown code of the file room-details.php. ... A vulnerability has been identified in code-projects Hostel Management Site 1.0. • https://code-projects.org https://github.com/asd1238525/cve/blob/main/xss.md https://vuldb.com/? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5 • EPSS: 0% • CPEs: - • EXPL: 1

The manipulation of the argument tag leads to code injection. It is possible to initiate the attack remotely. ... Manipulating the argument tag with unknown data can be used to exploit a code injection vulnerability. • https://gist.github.com/J1rrY-learn/8e52bf055fd1806ada81ae1ff25dd817 https://vuldb.com/?ctiid.288969 https://vuldb.com/?id.288969 https://vuldb.com/?submit.465122 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.6 • EPSS: 0% • CPEs: - • EXPL: 0

A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system level on the device. • https://cyberdanube.com/security-research/authenticated-remote-code-execution-in-ewon-flexy-205 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious logback configuration files can allow the attacker to execute arbitrary code using the JaninoEventEvaluator extension. A successful attack requires the user to have write access to a configuration file. • https://logback.qos.ch/news.html#1.5.13 • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •