CVE-2024-31390 – WordPress Breakdance plugin <= 1.7.2 - Authenticated Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-31390
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows Code Injection. This issue affects Breakdance: from n/a through 1.7.2. • https://patchstack.com/articles/unpatched-authenticated-rce-in-oxygen-and-breakdance-builder?_s_id=cve https://patchstack.com/database/vulnerability/breakdance/wordpress-breakdance-plugin-1-7-0-authenticated-remote-code-execution-rce-vulnerability?_s_id=cve https://snicco.io/vulnerability-disclosure/breakdance/client-mode-remote-code-execution-breakdance-1-7-0? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2021-27312
https://notcve.org/view.php?id=CVE-2021-27312
Server Side Request Forgery (SSRF) vulnerability in Gleez Cms 1.2.0 allows remote attackers to execute arbitrary code and obtain sensitive information via modules/gleez/classes/request.php. • https://gist.github.com/LioTree/8d10d123d31f50db05a25586e62a87ba https://github.com/gleez/cms/issues/805 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-27706
https://notcve.org/view.php?id=CVE-2024-27706
Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows attackers to execute arbitrary code via upload of crafted SVG file to issues. • https://github.com/b-hermes/vulnerability-research/blob/main/CVE-2024-27706/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-28515
https://notcve.org/view.php?id=CVE-2024-28515
Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx allows a remote attacker to execute arbitrary code via the lab3 of csapp, lab3/buflab-update.pl component. • https://github.com/heshi906/CVE-2024-28515 https://gist.github.com/heshi906/090b647a76981b8aa621e99fd6e1795d • CWE-125: Out-of-bounds Read •
CVE-2024-27705
https://notcve.org/view.php?id=CVE-2024-27705
Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint. • https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-27705 • CWE-94: Improper Control of Generation of Code ('Code Injection') •