CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45346 – GetApps application has code execution vulnerability
https://notcve.org/view.php?id=CVE-2024-45346
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code. • https://trust.mi.com/misrc/bulletins/advisory?cveId=545 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-39584
https://notcve.org/view.php?id=CVE-2024-39584
A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution. • https://www.dell.com/support/kbdoc/en-us/000227594/dsa-2024-354 • CWE-1392: Use of Default Credentials •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43984 – WordPress Podlove Podcast Publisher plugin <= 4.1.13 - CSRF to Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-43984
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13. The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.13. This is due to missing or incorrect nonce validation on the 'get', 'update', 'create', and 'delete' functions. This makes it possible for unauthenticated attackers to modify templates and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/podlove-podcasting-plugin-for-wordpress/wordpress-podlove-podcast-publisher-plugin-4-1-13-csrf-to-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7720 – HP Security Manager - Potential Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-7720
HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. • https://support.hp.com/us-en/document/ish_11074404-11074432-16 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40671 – PowerVR DevmemIntChangeSparse2() Use-After-Free
https://notcve.org/view.php?id=CVE-2024-40671
In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check. • https://source.android.com/security/bulletin/2024-11-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •