CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41879 – RE: New Edge T5 MSRC Case [DCMSFT-1294]
https://notcve.org/view.php?id=CVE-2024-41879
Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-41879 • CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43922 – WordPress NitroPack plugin <= 1.16.7 - Unauthenticated Arbitrary Shortcode Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-43922
Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc. • https://patchstack.com/database/vulnerability/nitropack/wordpress-nitropack-plugin-1-16-7-unauthenticated-arbitrary-shortcode-execution-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 5CVE-2024-7954 – SPIP porte_plume Plugin Arbitrary PHP Execution
https://notcve.org/view.php?id=CVE-2024-7954
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. • https://github.com/Chocapikk/CVE-2024-7954 https://github.com/bigb0x/CVE-2024-7954 https://github.com/fa-rrel/CVE-2024-7954-RCE https://github.com/MuhammadWaseem29/RCE-CVE-2024-7954 https://vulncheck.com/advisories/spip-porte-plume https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-0-alpha2-SPIP-4-2-13-SPIP-4.html https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-5466 – Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-5466
Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option. • https://www.manageengine.com/itom/advisory/cve-2024-5466.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-42845 – Invesalius 3.1 Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-42845
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file. • https://github.com/invesalius/invesalius3 https://github.com/invesalius/invesalius3/releases https://github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-42845 • CWE-94: Improper Control of Generation of Code ('Code Injection') •