CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-31634
https://notcve.org/view.php?id=CVE-2024-31634
Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library. • https://github.com/buchilajiao1/CVE/blob/main/xunruicms/xunruicms.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32599 – WordPress WP Dummy Content Generator plugin <= 3.2.1 - Arbitrary Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-32599
Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 3.2.1. ... The WP Dummy Content Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to 3.3.0 (exclusive). This makes it possible for unauthenticated attackers to execute code on the server. • https://patchstack.com/database/vulnerability/wp-dummy-content-generator/wordpress-wp-dummy-content-generator-plugin-3-2-1-arbitrary-code-execution-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31680
https://notcve.org/view.php?id=CVE-2024-31680
IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the my_parser.php component. • https://github.com/heidashuai5588/cve/blob/main/upload.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-31784
https://notcve.org/view.php?id=CVE-2024-31784
An issue in Typora v.1.8.10 and before, allows a local attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the src component. • https://github.com/0x0fc/TyporaIframe/blob/main/TyporaIframeVuln.md • CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23594
https://notcve.org/view.php?id=CVE-2024-23594
A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-132277 • CWE-121: Stack-based Buffer Overflow •