CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-48807
https://notcve.org/view.php?id=CVE-2024-48807
Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Management System v.1.0 allows a local attacker to execute arbitrary code via the search parameter. • https://medium.com/%40KrishnaChaganti/cross-site-scripting-xss-in-appointment-management-system-cve-2024-48807-0f7523be9fa2 https://phpgurukul.com/doctor-appointment-management-system-using-php-and-mysql • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-51243
https://notcve.org/view.php?id=CVE-2024-51243
The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java. Eladmin v2.7 y anteriores contienen una vulnerabilidad de ejecución remota de código (RCE) que puede controlar todos los servidores de implementación de aplicaciones de este sistema de administración a través de DeployController.java. • https://github.com/shadia0/Patienc/blob/main/eladmin_rce.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-51419
https://notcve.org/view.php?id=CVE-2024-51419
., Ltd Ofweek Online Exhibition v.1.0.0 allows a remote attacker to execute arbitrary code. • https://gist.github.com/475bd8bc21c4f4dfc8f26ce35eb6ca28.git • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48733
https://notcve.org/view.php?id=CVE-2024-48733
SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. ... SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. • http://sas.com https://github.com/ACN-CVEs/CVE-2024-48733/blob/ea2da31c3d6e0140edd6a1455e6157b8ba2f7a67/SQL%20injection.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-51424
https://notcve.org/view.php?id=CVE-2024-51424
An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitrary code via the Owned.setOwner function Un problema en Ethereum v.1.12.2 permite a un atacante remoto ejecutar código arbitrario a través de la función Owned.setOwner An issue in the PepeGxng smart contract (which can be run on the Ethereum blockchain) allows remote attackers to have an unspecified impact via the Owned.setOwner function. • https://github.com/Wzy-source/Gala/blob/main/CVEs/AURA_0x967d176328948e4db4446b8caf623ff9b47221fb.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •