CVSS: 9.9EPSS: 0%CPEs: 6EXPL: 6CVE-2024-9264 – Grafana SQL Expressions allow for remote code execution
https://notcve.org/view.php?id=CVE-2024-9264
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions. • https://github.com/z3k0sec/CVE-2024-9264-RCE-Exploit https://github.com/nollium/CVE-2024-9264 https://github.com/z3k0sec/File-Read-CVE-2024-9264 https://github.com/zgimszhd61/CVE-2024-9264 https://github.com/zgimszhd61/CVE-2024-9264-RCE https://github.com/PunitTailor55/Grafana-CVE-2024-9264 https://grafana.com/security/security-advisories/cve-2024-9264 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 1%CPEs: 2EXPL: 1CVE-2024-9593 – Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Unauthenticated (Limited) Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-9593
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. • https://github.com/RandomRobbieBF/CVE-2024-9593 https://www.wordfence.com/threat-intel/vulnerabilities/id/247e599a-74e2-41d5-a1ba-978a807e6544?source=cve https://plugins.trac.wordpress.org/browser/time-clock/tags/1.2.2/includes/admin/ajax_functions_admin.php#L58 https://plugins.trac.wordpress.org/changeset/3171046/time-clock#file40 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49023 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49023
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49023 • CWE-416: Use After Free •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43579 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43579
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43579 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43596 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43596
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43596 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •