CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45873 – VegaBird Yaazhini 2.0.2 DLL Hijacking
https://notcve.org/view.php?id=CVE-2024-45873
A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe. VegaBird Yaazhini version 2.0.2 suffers from a dll hijacking vulnerability. • http://vegabird.com https://sploitus.com/exploit?id=PACKETSTORM:181912 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6051 – Cross Application Scripting in Redlink SDK
https://notcve.org/view.php?id=CVE-2024-6051
Redlink SDK in specific situations allows local code injection and to manipulate the view of a vulnerable application.This issue affects Redlink SDK versions through 1.13. • https://cert.pl/en/posts/2024/09/CVE-2024-6051 https://cert.pl/posts/2024/09/CVE-2024-6051 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-45200
https://notcve.org/view.php?id=CVE-2024-45200
In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session information via a malformed browse-reply packet, aka KartLANPwn. The victim is not required to join a game session with an attacker. The victim must open the "Wireless Play" (or "LAN Play") menu from the game's title screen, and an attacker nearby (LDN) or on the same LAN network as the victim can send a crafted reply packet to the victim's console. This enables a remote attacker to obtain complete denial-of-service on the game's process, or potentially, remote code execution on the victim's console. The issue is caused by incorrect use of the Nintendo Pia library, • https://github.com/latte-soft/kartlanpwn https://hackerone.com/reports/2611669 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47649 – WordPress Iconize plugin <= 1.2.4 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-47649
Unrestricted Upload of File with Dangerous Type vulnerability in THATplugin Iconize.This issue affects Iconize: from n/a through 1.2.4. Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en THATplugin Iconize. Este problema afecta a Iconize: desde n/a hasta 1.2.4. The Iconize plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/iconize/wordpress-iconize-plugin-1-2-4-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-28811
https://notcve.org/view.php?id=CVE-2024-28811
An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations. • https://www.cvcn.gov.it/cvcn/cve/CVE-2024-28811 • CWE-94: Improper Control of Generation of Code ('Code Injection') •