CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 1CVE-2024-29988 – Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-29988
SmartScreen Prompt Security Feature Bypass Vulnerability Vulnerabilidad de omisión de la función de seguridad de solicitud de SmartScreen This vulnerability allows remote attackers to bypass the SmartScreen security feature to execute arbitrary code on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to execute code in the context of the current user. ... This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file. • https://github.com/Sploitus/CVE-2024-29988-exploit https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988 • CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2024-26158 – Microsoft Install Service Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-26158
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Installer service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26158 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31224 – GPT Academic: Pickle deserializing cookies may pose RCE risk
https://notcve.org/view.php?id=CVE-2024-31224
The server deserializes untrustworthy data from the client, which may risk remote code execution. • https://github.com/binary-husky/gpt_academic/commit/8af6c0cab6d96f5c4520bec85b24802e6e823f35 https://github.com/binary-husky/gpt_academic/pull/1648 https://github.com/binary-husky/gpt_academic/security/advisories/GHSA-jcjc-89wr-vv7g • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-30162 – Invision Community 4.7.16 Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-30162
Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\_toolbar::addPlugin() method. ... This can be exploited by admin users (with the toolbar_manage permission) to write arbitrary PHP files into that directory, leading to execution of arbitrary PHP code in the context of the web server user. • http://seclists.org/fulldisclosure/2024/Apr/21 https://invisioncommunity.com • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-30163 – Invision Community 4.7.15 SQL Injection
https://notcve.org/view.php?id=CVE-2024-30163
Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries. This can be exploited by unauthenticated attackers to carry out Blind SQL Injection attacks. ... Invision Community versions 4.4.0 through 4.7.15 suffer from a remote SQL injection vulnerability in store.php. • http://seclists.org/fulldisclosure/2024/Apr/20 https://invisioncommunity.com/release-notes/4716-r128 •