CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-51358
https://notcve.org/view.php?id=CVE-2024-51358
An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via a crafted script to the Add new application. • https://github.com/Kov404/CVE-2024-51358 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10035 – Code Injection in BG-TEK's CoslatV3
https://notcve.org/view.php?id=CVE-2024-10035
Improper Control of Generation of Code ('Code Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection.This issue affects CoslatV3: through 3.1069. NOTE: The vendor was contacted and it was learned that the product is not supported. • https://www.usom.gov.tr/bildirim/tr-24-1814 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10761 – Umbraco CMS Dashboard frame cross site scripting
https://notcve.org/view.php?id=CVE-2024-10761
A vulnerability was found in Umbraco CMS 12.3.6. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. • https://vuldb.com/?ctiid.282930 https://vuldb.com/?id.282930 https://vuldb.com/?submit.427091 https://drive.google.com/file/d/1YoZgdlS3QT7Xu005j9RO-FFUT8RbB0Da/view?usp=sharing • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-707: Improper Neutralization •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-48336
https://notcve.org/view.php?id=CVE-2024-48336
The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional privileges to silently execute arbitrary code in the Magisk app and escalate privileges to root via a crafted package, aka Bug #8279. • https://github.com/canyie/MagiskEoP https://github.com/topjohnwu/Magisk/commit/c2eb6039579b8a2fb1e11a753cea7662c07bec02 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1CVE-2024-51136
https://notcve.org/view.php?id=CVE-2024-51136
An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file. • https://github.com/JAckLosingHeart/CVE-2024-51136-POC https://github.com/openimaj/openimaj https://github.com/openimaj/openimaj/issues/382 https://mvnrepository.com/artifact/org.openimaj.tools/WebTools • CWE-91: XML Injection (aka Blind XPath Injection) •