CVE-2024-31784
https://notcve.org/view.php?id=CVE-2024-31784
An issue in Typora v.1.8.10 and before allows a local attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the src component. • https://github.com/0x0fc/TyporaIframe/blob/main/TyporaIframeVuln.md • CWE-290: Authentication Bypass by Spoofing •
CVE-2024-23594
https://notcve.org/view.php?id=CVE-2024-23594
A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-132277 • CWE-121: Stack-based Buffer Overflow •
CVE-2023-48709 – iTop vulnerable to potential formula injection in Excel/CSV export file
https://notcve.org/view.php?id=CVE-2023-48709
As Excel 2016 does **not** prevent Remote Code Execution by default, uninformed users may become victims. • https://github.com/Combodo/iTop/commit/083a0b79bfa2c106735b5c10eddb35a05ec7f04a https://github.com/Combodo/iTop/commit/b10bcb976dfe8e55aa0f659bfbcdd18334a1b17c https://github.com/Combodo/iTop/security/advisories/GHSA-9q3x-9987-53x9 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVE-2024-31705 – GLPI 10.x.x Remote Command Execution
https://notcve.org/view.php?id=CVE-2024-31705
An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via the insufficient validation of user-supplied input. ... GLPI versions 10.x.x suffer from a remote command execution vulnerability via the shell commands plugin. • https://github.com/V3locidad/GLPI_POC_Plugins_Shell https://seclists.org/fulldisclosure/2024/Apr/23 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-3788 – Improper Neutralization of Server-Side Includes (SSI) vulnerability in WBSAirback
https://notcve.org/view.php?id=CVE-2024-3788
Exploitation of this vulnerability could allow a remote user to execute arbitrary code. • https://github.com/7Ragnarok7/CVE-2024-37888 https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions •