CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45873 – VegaBird Yaazhini 2.0.2 DLL Hijacking
https://notcve.org/view.php?id=CVE-2024-45873
A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe. VegaBird Yaazhini version 2.0.2 suffers from a dll hijacking vulnerability. • http://vegabird.com https://sploitus.com/exploit?id=PACKETSTORM:181912 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-45200
https://notcve.org/view.php?id=CVE-2024-45200
In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session information via a malformed browse-reply packet, aka KartLANPwn. ... This enables a remote attacker to obtain complete denial-of-service on the game's process, or potentially, remote code execution on the victim's console. • https://github.com/latte-soft/kartlanpwn https://hackerone.com/reports/2611669 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-46540
https://notcve.org/view.php?id=CVE-2024-46540
A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract fucntions to upload webshells to the target server, thereby obtaining system privileges. • https://gist.github.com/microvorld/1c1ef9c3390a5d88a5ede9f9424a8bd2 https://github.com/emlog/emlog https://github.com/microvorld/CVE-2024/blob/main/emlog.md • CWE-266: Incorrect Privilege Assignment •
CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-46475
https://notcve.org/view.php?id=CVE-2024-46475
A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. • https://blog.csdn.net/qq_45744104/article/details/141903463 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9108 – Wechat Social login <= 1.3.0 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-9108
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/wechat-social-login/trunk/includes/social/class-xh-social-wp-api.php?rev=2111074#L39 https://www.wordfence.com/threat-intel/vulnerabilities/id/06881386-3c92-426b-948d-58e8a8bee624?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •