CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-31492
https://notcve.org/view.php?id=CVE-2024-31492
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. • https://fortiguard.com/psirt/FG-IR-23-345 • CWE-73: External Control of File Name or Path •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20758 – [Adobe Cloud] RCE through frontend gift registry sharing
https://notcve.org/view.php?id=CVE-2024-20758
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/magento/apsb24-18.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-29500
https://notcve.org/view.php?id=CVE-2024-29500
An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a ClickOnce application instance. • https://www.drive-byte.de/en/blog/inteset-bugs-and-hardening • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 8CVE-2024-29269
https://notcve.org/view.php?id=CVE-2024-29269
An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter. Un problema descubierto en Telesquare TLR-2005Ksh 1.0.0 y 1.1.4 permite a los atacantes ejecutar comandos arbitrarios del sistema a través del parámetro Cmd. • https://github.com/YongYe-Security/CVE-2024-29269 https://github.com/K3ysTr0K3R/CVE-2024-29269-EXPLOIT https://github.com/Chocapikk/CVE-2024-29269 https://github.com/wutalent/CVE-2024-29269 https://github.com/Jhonsonwannaa/CVE-2024-29269 https://github.com/hack-with-rohit/CVE-2024-29269-RCE https://github.com/Quantum-Hacker/CVE-2024-29269 https://github.com/dream434/CVE-2024-29269 https://github.com/wutalent/CVE-2024-29269/blob/main/index.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 3CVE-2024-31819 – AVideo WWBNIndex Plugin Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-31819
An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component. • https://github.com/Chocapikk/CVE-2024-31819 https://github.com/Jhonsonwannaa/CVE-2024-31819 https://github.com/dream434/CVE-2024-31819 https://chocapikk.com/posts/2024/cve-2024-31819 https://github.com/WWBN https://github.com/WWBN/AVideo • CWE-94: Improper Control of Generation of Code ('Code Injection') •