CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-40530
https://notcve.org/view.php?id=CVE-2024-40530
A vulnerability in Pantera CRM versions 401.152 and 402.072 allows unauthorized attackers to bypass IP-based access controls by manipulating the X-Forwarded-For header. • https://critical.lt/blog/authorization-bypass-and-mass-assignment-in-pantera-crm • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22169 – Misconfiguration in node.js causing a code execution in WD Discovery
https://notcve.org/view.php?id=CVE-2024-22169
WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRON_RUN_AS_NODE' environment variable. Any malicious application operating with standard user permissions can exploit this vulnerability, enabling code execution within WD Discovery application's context. WD Discovery version 5.0.589 addresses this issue by disabling certain features and fuses in Electron. The attack vector for this issue requires the victim to have the WD Discovery app installed on their device. • https://www.westerndigital.com/support/product-security/wdc-24004-wd-discovery-desktop-app-version-5-0-589 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41127 – Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its `ci-failure-comment.yml` GitHub Workflow, enabling attackers to gain `pull-requests` write access.
https://notcve.org/view.php?id=CVE-2024-41127
Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. • https://github.com/monkeytypegame/monkeytype/security/advisories/GHSA-wcjf-5464-4wq9 https://github.com/monkeytypegame/monkeytype/commit/29627fd0d5f152e2da59671987090ea0a5c29874 https://securitylab.github.com/advisories/GHSL-2024-167_monkeytype • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.6EPSS: 1%CPEs: 1EXPL: 0CVE-2024-36268 – Apache InLong TubeMQ Client: Remote Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-36268
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. • https://lists.apache.org/thread/1w1yp1bg5sjvn46dszkf00tz1vfs0frc • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39392 – Adobe Indesign 2024 EPS File Parsing Heap Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-39392
InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/indesign/apsb24-48.html • CWE-122: Heap-based Buffer Overflow •